Docker Trusted Registry API Documentation

accounts : Accounts

Parameter	Value	Description	Parameter Type	Data Type
filter	all	Filter accounts by type or attribute - either 'users', 'orgs', 'admins', 'non-admins', or 'all' (default).	query	string
start	(empty)	Only return accounts with a name greater than or equal to this name.	query	string
limit	10	Maximum number of accounts per page of results.	query	Model Model Schema Empty `{}` Click to set as parameter value

Parameter	Value	Description	Parameter Type	Data Type
body			body	Model Model Schema forms.CreateAccount { name (string): Name of account , fullName (string): Full name of account , isOrg (boolean, optional): Whether the account is an organization , isAdmin (boolean, optional): Whether the user is an admin (users only) , isActive (boolean, optional): Whether the user is active and can login (users only) , password (string, optional): Password for the user (users only) } `{ "name": "string", "fullName": "string", "isOrg": true, "isAdmin": true, "isActive": true, "password": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{accountNameOrID}

Delete a user or organization

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account to delete	path	string

get /enzi/v0/accounts/{accountNameOrID}

Details for a user or organization

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account to fetch	path	string

patch /enzi/v0/accounts/{accountNameOrID}

Update details for a user or organization

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account to update	path	string
body			body	Model Model Schema forms.UpdateAccount { fullName (string, optional): Full name of account, unchanged if null or omitted , isAdmin (boolean, optional): Whether the user is an admin (users only), unchanged if null or omitted , isActive (boolean, optional): Whether the user is active and can login (users only), unchanged if null or omitted } `{ "fullName": "string", "isAdmin": true, "isActive": true }` Click to set as parameter value

post /enzi/v0/accounts/{userNameOrID}/changePassword

Change a user's password

Parameter	Value	Description	Parameter Type	Data Type
userNameOrID	(empty)	Name or id of username whose password is to be changed	path	string
body			body	Model Model Schema forms.ChangePassword { oldPassword (string): User's current password. Required if the client is changing their own password. May be omitted if an admin is changing another user's password , newPassword (string): User's new password } `{ "oldPassword": "string", "newPassword": "string" }` Click to set as parameter value

get /enzi/v0/accounts/{userNameOrID}/organizations

List a user's organization memberships

Parameter	Value	Description	Parameter Type	Data Type
userNameOrID	(empty)	Name or id of user to whose organizations will be listed	path	string
start	(empty)	Only return memberships with an org ID greater than or equal to this ID.	query	string
limit	10	Maximum number of organizations per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/members

List members of an organization

Implementation Notes

Lists memberships in ascending order by user ID.

Response Class (Status 200)

{
  "members": [
    {
      "member": {
        "name": "string",
        "id": "string",
        "fullName": "string",
        "isOrg": true,
        "isAdmin": true,
        "isActive": true
      },
      "isAdmin": true
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization whose members will be listed	path	string
filter	all	Filter members by type - either 'admins', 'non-admins', or 'all' (default).	query	string
start	(empty)	Only return members with a user ID greater than or equal to this ID.	query	string
limit	10	Maximum number of members per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/adminMemberSyncConfig

Get options for syncing admin members of an organization

Response Class (Status 200)

{
  "enableSync": true,
  "selectGroupMembers": true,
  "groupDN": "string",
  "groupMemberAttr": "string",
  "searchBaseDN": "string",
  "searchScopeSubtree": true,
  "searchFilter": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization whose LDAP sync options to be retrieved	path	string

put /enzi/v0/accounts/{orgNameOrID}/adminMemberSyncConfig

Set options for syncing admin members of an organization

Response Class (Status 200)

{
  "enableSync": true,
  "selectGroupMembers": true,
  "groupDN": "string",
  "groupMemberAttr": "string",
  "searchBaseDN": "string",
  "searchScopeSubtree": true,
  "searchFilter": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization whose LDAP sync options to set	path	string
body			body	Model Model Schema forms.MemberSyncOpts { enableSync (boolean): Whether to enable LDAP syncing. If false, all other fields are ignored , selectGroupMembers (boolean): Whether to sync using a group DN and member attribute selection or to use a search filter (if false) , groupDN (string): The distinguished name of the LDAP group. Required if selectGroupMembers is true, ignored otherwise , groupMemberAttr (string): The name of the LDAP group entry attribute which corresponds to distinguished names of members. Required if selectGroupMembers is true, ignored otherwise , searchBaseDN (string): The distinguished name of the element from which the LDAP server will search for users. Required if selectGroupMembers is false, ignored otherwise , searchScopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Required if selectGroupMembers is false, ignored otherwise , searchFilter (string): The LDAP search filter used to select users if selectGroupMembers is false, may be left blank } `{ "enableSync": true, "selectGroupMembers": true, "groupDN": "string", "groupMemberAttr": "string", "searchBaseDN": "string", "searchScopeSubtree": true, "searchFilter": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{orgNameOrID}/members/{memberNameOrID}

Remove a member from an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the membership will be deleted	path	string
memberNameOrID	(empty)	Name or id of user whose membership will be deleted	path	string

get /enzi/v0/accounts/{orgNameOrID}/members/{memberNameOrID}

Details of a user's membership in an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the membership will be retrieved	path	string
memberNameOrID	(empty)	Name or id of user whose membership will be retrieved	path	string

patch /enzi/v0/accounts/{orgNameOrID}/members/{memberNameOrID}

Update details of a user's membership in an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the membership will be updated	path	string
memberNameOrID	(empty)	Name or id of user whose membership will be updated	path	string
body			body	Model Model Schema forms.SetMembership { isAdmin (boolean, optional): Whether the member should be an admin of the organization or team (default false), unchanged if nil or omitted } `{ "isAdmin": true }` Click to set as parameter value

put /enzi/v0/accounts/{orgNameOrID}/members/{memberNameOrID}

Add a member to an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the membership will be added	path	string
memberNameOrID	(empty)	Name or id of user which will be added as a member	path	string
body			body	Model Model Schema forms.SetMembership { isAdmin (boolean, optional): Whether the member should be an admin of the organization or team (default false), unchanged if nil or omitted } `{ "isAdmin": true }` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/teams

List teams in an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization whose teams will be listed	path	string
start	(empty)	Only return teams with a name greater than or equal to this name.	query	string
limit	10	Maximum number of teams per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

post /enzi/v0/accounts/{orgNameOrID}/teams

Create a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team will be created	path	string
body			body	Model Model Schema forms.CreateTeam { name (string): Name of the team , description (string, optional): Description of the team } `{ "name": "string", "description": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}

Delete a team

Parameter	Value	Description	Parameter Type	Data Type
teamNameOrID	(empty)	Name or id of team which will be deleted	path	string
orgNameOrID	(empty)	Name or id of organization in which the team will be deleted	path	string

get /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}

Details for a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team will be retrieved	path	string
teamNameOrID	(empty)	Name or id of team which will be retrieved	path	string

patch /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}

Update details for a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team will be updated	path	string
teamNameOrID	(empty)	Name or id of team which will be updated	path	string
body			body	Model Model Schema forms.UpdateTeam { name (string, optional): Name of the team, unchanged if nil or omitted , description (string, optional): Description of the team, unchanged if nil or omitted } `{ "name": "string", "description": "string" }` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/members/{memberNameOrID}/teams

List a user's team membership in an organization

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the member's team memberships will be listed	path	string
memberNameOrID	(empty)	Name or id of user whose memberships will be listed	path	string
start	(empty)	Only return team memberships with a team ID greater than or equal to this ID.	query	string
limit	10	Maximum number of team memberships per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/members

List members of a team

Implementation Notes

Lists memberships in ascending order by user ID.

Response Class (Status 200)

{
  "members": [
    {
      "member": {
        "name": "string",
        "id": "string",
        "fullName": "string",
        "isOrg": true,
        "isAdmin": true,
        "isActive": true
      },
      "isAdmin": true
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team's members will be listed'	path	string
teamNameOrID	(empty)	Name or id of team whose members will be listed	path	string
filter	all	Filter members by type - either 'admins', 'non-admins', or 'all' (default).	query	string
start	(empty)	Only return members with a user ID greater than or equal to this ID.	query	string
limit	10	Maximum number of members per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

get /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/memberSyncConfig

Get options for syncing members of a team

Response Class (Status 200)

{
  "enableSync": true,
  "selectGroupMembers": true,
  "groupDN": "string",
  "groupMemberAttr": "string",
  "searchBaseDN": "string",
  "searchScopeSubtree": true,
  "searchFilter": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization to which the team belongs	path	string
teamNameOrID	(empty)	Name or id of team whose LDAP sync config will be retrieved	path	string

put /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/memberSyncConfig

Set options for syncing members of a team

Response Class (Status 200)

{
  "enableSync": true,
  "selectGroupMembers": true,
  "groupDN": "string",
  "groupMemberAttr": "string",
  "searchBaseDN": "string",
  "searchScopeSubtree": true,
  "searchFilter": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization to which the team belongs	path	string
teamNameOrID	(empty)	Name or id of team whose LDAP sync config will be set	path	string
body			body	Model Model Schema forms.MemberSyncOpts { enableSync (boolean): Whether to enable LDAP syncing. If false, all other fields are ignored , selectGroupMembers (boolean): Whether to sync using a group DN and member attribute selection or to use a search filter (if false) , groupDN (string): The distinguished name of the LDAP group. Required if selectGroupMembers is true, ignored otherwise , groupMemberAttr (string): The name of the LDAP group entry attribute which corresponds to distinguished names of members. Required if selectGroupMembers is true, ignored otherwise , searchBaseDN (string): The distinguished name of the element from which the LDAP server will search for users. Required if selectGroupMembers is false, ignored otherwise , searchScopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Required if selectGroupMembers is false, ignored otherwise , searchFilter (string): The LDAP search filter used to select users if selectGroupMembers is false, may be left blank } `{ "enableSync": true, "selectGroupMembers": true, "groupDN": "string", "groupMemberAttr": "string", "searchBaseDN": "string", "searchScopeSubtree": true, "searchFilter": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/members/{memberNameOrID}

Remove a member from a team

Parameter	Value	Description	Parameter Type	Data Type
memberNameOrID	(empty)	Name or id of user whose team membership will be deleted	path	string
orgNameOrID	(empty)	Name or id of organization in which the team membership will be deleted	path	string
teamNameOrID	(empty)	Name or id of the team in which the membership will be deleted	path	string

get /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/members/{memberNameOrID}

Details of a user's membership in a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team membership will be retrieved	path	string
teamNameOrID	(empty)	Name or id of the team in which the membership will be retrieved	path	string
memberNameOrID	(empty)	Name or id of user whose team membership will be retrieved	path	string

patch /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/members/{memberNameOrID}

Update details of a user's membership in a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team membership will be updated	path	string
teamNameOrID	(empty)	Name or id of the team in which the membership will be updated	path	string
memberNameOrID	(empty)	Name or id of user whose team membership will be updated	path	string
body			body	Model Model Schema forms.SetMembership { isAdmin (boolean, optional): Whether the member should be an admin of the organization or team (default false), unchanged if nil or omitted } `{ "isAdmin": true }` Click to set as parameter value

put /enzi/v0/accounts/{orgNameOrID}/teams/{teamNameOrID}/members/{memberNameOrID}

Add a member to a team

Parameter	Value	Description	Parameter Type	Data Type
orgNameOrID	(empty)	Name or id of organization in which the team membership will be added	path	string
teamNameOrID	(empty)	Name or id of the team in which the membership will be added	path	string
memberNameOrID	(empty)	Name or id of user which will be added as a member	path	string
body			body	Model Model Schema forms.SetMembership { isAdmin (boolean, optional): Whether the member should be an admin of the organization or team (default false), unchanged if nil or omitted } `{ "isAdmin": true }` Click to set as parameter value

get /enzi/v0/accounts/{accountNameOrID}/services

List services owned by an account

Implementation Notes

Lists services in ascending order by name.

Response Class (Status 200)

{
  "services": [
    {
      "id": "string",
      "ownerID": "string",
      "name": "string",
      "description": "string",
      "url": "string",
      "privileged": true,
      "redirectURIs": [
        "string"
      ],
      "jwksURIs": [
        "string"
      ],
      "providerIdentities": [
        "string"
      ],
      "caBundle": "string"
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account whose owned services will be listed	path	string
start	(empty)	Only return services with a name greater than or equal to this name.	query	string
limit	10	Maximum number of services per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

post /enzi/v0/accounts/{accountNameOrID}/services

Create a Service

Response Class (Status 201)

{
  "id": "string",
  "ownerID": "string",
  "name": "string",
  "description": "string",
  "url": "string",
  "privileged": true,
  "redirectURIs": [
    "string"
  ],
  "jwksURIs": [
    "string"
  ],
  "providerIdentities": [
    "string"
  ],
  "caBundle": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or ID of account which will own the service	path	string
body			body	Model Model Schema forms.CreateService { name (string): simple name of this service; unique to the owning account , description (string): short description of the service , url (string): web address for the service; must use 'https' , privileged (boolean): whether this service has implicit authorization to all accounts; can only be set by a system admin , redirectURIs (Array[string]): a list of URLs which serve as callbacks from Oauth authorization requests; all URLs must use 'https' , jwksURIs (Array[string]): a list of URLs for the service's JSON Web Key set, the set of public keys it used to sign authentication tokens. At least 1 and no more than 7 must be specified. URLs must use 'https'. Provide a caBundle value if they cannot be verified by a public certificate authority , providerIdentities (Array[string]): A list of identifiers that this service will use as the 'aud' (Audience) for its authentication tokens (the tokens must have at least one 'aud' value that matches). Identity tokens issued by the provider will also use the first matching 'aud' (Audience) value in the 'iss' (Issuer) field. A single address (hostname[:port]) for the auth provider is recommended, but up to 7 values may be specified to allow services which use multiple addresses (IPs or DNS names). Each may be no longer than 128 characters. At least one must be specified , caBundle (string): PEM certificate bundle used to verify the JWKs URL endpoints } `{ "name": "string", "description": "string", "url": "string", "privileged": true, "redirectURIs": [ "string" ], "jwksURIs": [ "string" ], "providerIdentities": [ "string" ], "caBundle": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{accountNameOrID}/services/{serviceNameOrID}

Delete a service

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of which owns the service	path	string
serviceNameOrID	(empty)	Name or id of service which will be deleted	path	string

get /enzi/v0/accounts/{accountNameOrID}/services/{serviceNameOrID}

Details for a service

Response Class (Status 200)

{
  "id": "string",
  "ownerID": "string",
  "name": "string",
  "description": "string",
  "url": "string",
  "privileged": true,
  "redirectURIs": [
    "string"
  ],
  "jwksURIs": [
    "string"
  ],
  "providerIdentities": [
    "string"
  ],
  "caBundle": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account which owns the service	path	string
serviceNameOrID	(empty)	Name or id of service which will be retrieved	path	string

patch /enzi/v0/accounts/{accountNameOrID}/services/{serviceNameOrID}

Update details for a service

Response Class (Status 200)

{
  "id": "string",
  "ownerID": "string",
  "name": "string",
  "description": "string",
  "url": "string",
  "privileged": true,
  "redirectURIs": [
    "string"
  ],
  "jwksURIs": [
    "string"
  ],
  "providerIdentities": [
    "string"
  ],
  "caBundle": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account which owns the service	path	string
serviceNameOrID	(empty)	Name or id of service which will be updated	path	string
body			body	Model Model Schema forms.UpdateService { description (string, optional): short description of the service , url (string, optional): web address for the service; must use 'https' , privileged (boolean, optional): whether this service has implicit authorization to all accounts; can only be set by a system admin , redirectURIs (Array[string], optional): a list of URLs which serve as callbacks from Oauth authorization requests; all URLs must use 'https' , jwksURIs (Array[string], optional): a list of URLs for the service's JSON Web Key set, the set of public keys it used to sign authentication tokens; must use 'https' , providerIdentities (Array[string], optional): A list of identifiers that this service will use as the 'aud' (Audience) for its authentication tokens (the tokens must have at least one 'aud' value that matches). Identity tokens issued by the provider will also use the first matching 'aud' (Audience) value in the 'iss' (Issuer) field. A single address (hostname[:port]) for the auth provider is recommended, but up to 7 values may be specified to allow services which use multiple addresses (IPs or DNS names). Each may be no longer than 128 characters. At least one must be specified , caBundle (string, optional): PEM certificate bundle used to authenticate the JWKs URL endpoint } `{ "description": "string", "url": "string", "privileged": true, "redirectURIs": [ "string" ], "jwksURIs": [ "string" ], "providerIdentities": [ "string" ], "caBundle": "string" }` Click to set as parameter value

get /enzi/v0/accounts/{accountNameOrID}/publicKeys

List accountPublicKeys in an account

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of the account whose accountPublicKeys will be listed	path	string
start	(empty)	Only return accountPublicKeys with a key ID greater than or equal to this name.	query	string
limit	10	Maximum number of accountPublicKeys per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

post /enzi/v0/accounts/{accountNameOrID}/publicKeys

Create a public key for an account

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of account to fetch	path	string
body			body	Model Model Schema forms.CreateAccountPublicKey { publicKey (string): Encoded PEM for the public key , label (string, optional): Label or description for the key } `{ "publicKey": "string", "label": "string" }` Click to set as parameter value

delete /enzi/v0/accounts/{accountNameOrID}/publicKeys/{keyID}

Remove an account public key

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of the account	path	string
keyID	(empty)	Public key id of the account	path	string

patch /enzi/v0/accounts/{accountNameOrID}/publicKeys/{keyID}

Update details for an account public key

Parameter	Value	Description	Parameter Type	Data Type
accountNameOrID	(empty)	Name or id of the account	path	string
keyID	(empty)	Public key id of the account	path	string
body			body	Model Model Schema forms.UpdateAccountPublicKey { label (string, optional): Label or description for the key } `{ "label": "string" }` Click to set as parameter value

get /api/v0/accounts/{orgname}/teams/{teamname}/repositoryAccess

List repository access grants for a team

Implementation Notes

Authorization: Client must be authenticated as a user who owns the organization the team is in or be a member of that team.

Response Class (Status 200)

string
Enum:	"read-only", "read-write", "admin"

string
Enum:	"user", "organization"

{
  "team": {
    "id": "string",
    "clientUserIsMember": true
  },
  "repositoryAccessList": [
    {
      "accessLevel": "read-only",
      "repository": {
        "id": "string",
        "namespace": "string",
        "namespaceType": "user",
        "name": "string",
        "shortDescription": "string",
        "longDescription": "string",
        "visibility": "public",
        "scanOnPush": true
      }
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
orgname	(empty)	organization account name	path	string
teamname	(empty)	team name	path	string
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

the team does not belong to the organization

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_TEAM: A team with the given name does not exist in the organization.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

get /api/v0/accounts/{username}/repositoryAccess/{namespace}/{reponame}

Check a user's access to a repository

Implementation Notes

*Authorization:* Client must be authenticated either as the user in question or be a system admin.

Response Class (Status 200)

{
  "accessLevel": "read-only",
  "user": {
    "name": "string",
    "id": "string",
    "fullName": "string",
    "isOrg": true,
    "isAdmin": true,
    "isActive": true
  },
  "repository": {
    "id": "string",
    "namespace": "string",
    "namespaceType": "user",
    "name": "string",
    "shortDescription": "string",
    "longDescription": "string",
    "visibility": "public",
    "scanOnPush": true
  }
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
username	(empty)	user account name	path	string
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_REPOSITORY: A repository with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

action_configs : ActionConfigs

- get /api/v0/action_configs
  - List all action configs
  Response Class (Status 200)
  Model
  
  Model Schema
  
  tmpresponses.ActionConfigs {
  actionConfigs (Array[tmpresponses.ActionConfig])
  }
  tmpresponses.ActionConfig {
  id (string),
  action (string),
  maxJobsPerWorker (integer),
  heartbeatTimeout (string),
  parameters (object)
  }
  integer {
  }
  
  { "actionConfigs": [ { "id": "string", "action": "string", "maxJobsPerWorker": {}, "heartbeatTimeout": "string", "parameters": {} } ] }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

delete /api/v0/action_configs/{action}

Delete the action config. The defaults will be used.

get /api/v0/action_configs/{action}

Get info about the actionConfig with the given action

admin : Admin

post /enzi/v0/admin/importAccounts

Admin-only endpoint to import many users and organizations. This endpoint allows adding managed users with password hashes and is used for our migrations processes.

config : Config

- get /enzi/v0/config/auth
  - Retrieve current system auth configuration
  Response Class (Status 200)
  Model
  
  Model Schema
  
  responses.AuthConfig {
  backend (string):
  The name of the auth backend to use
  = ['managed', 'ldap']
  string
  Enum: "managed", "ldap"
  }
  
  { "backend": "managed" }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

put /enzi/v0/config/auth

Set system auth configuration

- get /enzi/v0/config/auth/ldap
  - Retrieve current system LDAP configuration
  Response Class (Status 200)
  Model
  
  Model Schema
  
  responses.LDAPSettings {
  recoveryAdminUsername (string):
  The user with this name will be able to authenticate to the system even when the LDAP server is unavailable or if auth is misconfigured
  ,
  serverURL (string):
  The URL of the LDAP server
  ,
  noSimplePagination (boolean):
  The server does not support the Simple Paged Results control extension (RFC 2696)
  ,
  startTLS (boolean):
  Whether to use StartTLS to secure the connection to the server, ignored if server URL scheme is 'ldaps://'
  ,
  rootCerts (string):
  A root certificate bundle to use when establishing a TLS connection to the server
  ,
  tlsSkipVerify (boolean):
  Whether to skip verifying of the server's certificate when establishing a TLS connection, not recommended unless testing on a secure network
  ,
  readerDN (string):
  The distinguished name the system will use to bind to the LDAP server when performing searches
  ,
  readerPassword (string):
  The password that the system will use to bind to the LDAP server when performing searches
  ,
  userSearchConfigs (Array[responses.UserSearchOpts]):
  One or more settings for syncing users
  ,
  adminSyncOpts (responses.MemberSyncOpts):
  Settings for syncing system admin users
  ,
  syncSchedule (string):
  The sync job schedule in CRON format
  
  }
  responses.UserSearchOpts {
  baseDN (string):
  The distinguished name of the element from which the LDAP server will search for users
  ,
  scopeSubtree (boolean):
  Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false)
  ,
  usernameAttr (string):
  The name of the attribute of the LDAP user element which should be selected as the username
  ,
  fullNameAttr (string):
  The name of the attribute of the LDAP user element which should be selected as the full name of the user
  ,
  filter (string):
  The LDAP search filter used to select user elements, may be left blank
  
  }
  responses.MemberSyncOpts {
  enableSync (boolean):
  Whether to enable LDAP syncing. If false, all other fields are ignored
  ,
  selectGroupMembers (boolean):
  Whether to sync using a group DN and member attribute selection or to use a search filter (if false)
  ,
  groupDN (string):
  The distinguished name of the LDAP group. Applicable only if selectGroupMembers is true, ignored otherwise
  ,
  groupMemberAttr (string):
  The name of the LDAP group entry attribute which corresponds to distinguished names of members. Applicable only if selectGroupMembers is true, ignored otherwise
  ,
  searchBaseDN (string):
  The distinguished name of the element from which the LDAP server will search for users. Applicable only if selectGroupMembers is false, ignored otherwise
  ,
  searchScopeSubtree (boolean):
  Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Applicable only if selectGroupMembers is false, ignored otherwise
  ,
  searchFilter (string):
  The LDAP search filter used to select users if selectGroupMembers is false, may be left blank
  
  }
  
  { "recoveryAdminUsername": "string", "serverURL": "string", "noSimplePagination": true, "startTLS": true, "rootCerts": "string", "tlsSkipVerify": true, "readerDN": "string", "readerPassword": "string", "userSearchConfigs": [ { "baseDN": "string", "scopeSubtree": true, "usernameAttr": "string", "fullNameAttr": "string", "filter": "string" } ], "adminSyncOpts": { "enableSync": true, "selectGroupMembers": true, "groupDN": "string", "groupMemberAttr": "string", "searchBaseDN": "string", "searchScopeSubtree": true, "searchFilter": "string" }, "syncSchedule": "string" }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

put /enzi/v0/config/auth/ldap

Set system LDAP configuration

Response Class (Status 200)

responses.LDAPSettings {

recoveryAdminUsername (string):

The user with this name will be able to authenticate to the system even when the LDAP server is unavailable or if auth is misconfigured

serverURL (string):

The URL of the LDAP server

noSimplePagination (boolean):

The server does not support the Simple Paged Results control extension (RFC 2696)

startTLS (boolean):

Whether to use StartTLS to secure the connection to the server, ignored if server URL scheme is 'ldaps://'

rootCerts (string):

A root certificate bundle to use when establishing a TLS connection to the server

tlsSkipVerify (boolean):

Whether to skip verifying of the server's certificate when establishing a TLS connection, not recommended unless testing on a secure network

readerDN (string):

The distinguished name the system will use to bind to the LDAP server when performing searches

readerPassword (string):

The password that the system will use to bind to the LDAP server when performing searches

userSearchConfigs (Array[responses.UserSearchOpts]):

One or more settings for syncing users

adminSyncOpts (responses.MemberSyncOpts):

Settings for syncing system admin users

syncSchedule (string):

The sync job schedule in CRON format

}
responses.UserSearchOpts {

baseDN (string):

The distinguished name of the element from which the LDAP server will search for users

scopeSubtree (boolean):

Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false)

usernameAttr (string):

The name of the attribute of the LDAP user element which should be selected as the username

fullNameAttr (string):

The name of the attribute of the LDAP user element which should be selected as the full name of the user

filter (string):

The LDAP search filter used to select user elements, may be left blank

}
responses.MemberSyncOpts {

enableSync (boolean):

Whether to enable LDAP syncing. If false, all other fields are ignored

selectGroupMembers (boolean):

Whether to sync using a group DN and member attribute selection or to use a search filter (if false)

groupDN (string):

The distinguished name of the LDAP group. Applicable only if selectGroupMembers is true, ignored otherwise

groupMemberAttr (string):

The name of the LDAP group entry attribute which corresponds to distinguished names of members. Applicable only if selectGroupMembers is true, ignored otherwise

searchBaseDN (string):

The distinguished name of the element from which the LDAP server will search for users. Applicable only if selectGroupMembers is false, ignored otherwise

searchScopeSubtree (boolean):

Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Applicable only if selectGroupMembers is false, ignored otherwise

searchFilter (string):

The LDAP search filter used to select users if selectGroupMembers is false, may be left blank

}

{
  "recoveryAdminUsername": "string",
  "serverURL": "string",
  "noSimplePagination": true,
  "startTLS": true,
  "rootCerts": "string",
  "tlsSkipVerify": true,
  "readerDN": "string",
  "readerPassword": "string",
  "userSearchConfigs": [
    {
      "baseDN": "string",
      "scopeSubtree": true,
      "usernameAttr": "string",
      "fullNameAttr": "string",
      "filter": "string"
    }
  ],
  "adminSyncOpts": {
    "enableSync": true,
    "selectGroupMembers": true,
    "groupDN": "string",
    "groupMemberAttr": "string",
    "searchBaseDN": "string",
    "searchScopeSubtree": true,
    "searchFilter": "string"
  },
  "syncSchedule": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
body			body	Model Model Schema forms.LDAPSettings { recoveryAdminUsername (string): The user with this name will be able to authenticate to the system even when the LDAP server is unavailable or if auth is misconfigured , recoveryAdminPassword (string, optional): A secure hash of this password is stored locally so that you can still login with the recovery admin username if the LDAP server is unavailable or if auth is misconfigured. May be nil or omitted to leave the current password unchanged , serverURL (string): The URL of the LDAP server , noSimplePagination (boolean): The server does not support the Simple Paged Results control extension (RFC 2696) , startTLS (boolean): Whether to use StartTLS to secure the connection to the server, ignored if server URL scheme is 'ldaps://' , rootCerts (string): A root certificate PEM bundle to use when establishing a TLS connection to the server , tlsSkipVerify (boolean): Whether to skip verifying of the server's certificate when establishing a TLS connection, not recommended unless testing on a secure network , readerDN (string): The distinguished name the system will use to bind to the LDAP server when performing searches , readerPassword (string): The password that the system will use to bind to the LDAP server when performing searches , userSearchConfigs (Array[forms.UserSearchOpts]): One or more settings for syncing users , adminSyncOpts (forms.MemberSyncOpts): Settings for syncing system admin users , syncSchedule (string): The scheduled time for automatic LDAP sync jobs, in CRON format with seconds omitted, default is @hourly if empty or omitted } forms.UserSearchOpts { baseDN (string): The distinguished name of the element from which the LDAP server will search for users , scopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false) , usernameAttr (string): The name of the attribute of the LDAP user element which should be selected as the username , fullNameAttr (string): The name of the attribute of the LDAP user element which should be selected as the full name of the user , filter (string): The LDAP search filter used to select user elements, may be left blank } forms.MemberSyncOpts { enableSync (boolean): Whether to enable LDAP syncing. If false, all other fields are ignored , selectGroupMembers (boolean): Whether to sync using a group DN and member attribute selection or to use a search filter (if false) , groupDN (string): The distinguished name of the LDAP group. Required if selectGroupMembers is true, ignored otherwise , groupMemberAttr (string): The name of the LDAP group entry attribute which corresponds to distinguished names of members. Required if selectGroupMembers is true, ignored otherwise , searchBaseDN (string): The distinguished name of the element from which the LDAP server will search for users. Required if selectGroupMembers is false, ignored otherwise , searchScopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Required if selectGroupMembers is false, ignored otherwise , searchFilter (string): The LDAP search filter used to select users if selectGroupMembers is false, may be left blank } { "recoveryAdminUsername": "string", "recoveryAdminPassword": "string", "serverURL": "string", "noSimplePagination": true, "startTLS": true, "rootCerts": "string", "tlsSkipVerify": true, "readerDN": "string", "readerPassword": "string", "userSearchConfigs": [ { "baseDN": "string", "scopeSubtree": true, "usernameAttr": "string", "fullNameAttr": "string", "filter": "string" } ], "adminSyncOpts": { "enableSync": true, "selectGroupMembers": true, "groupDN": "string", "groupMemberAttr": "string", "searchBaseDN": "string", "searchScopeSubtree": true, "searchFilter": "string" }, "syncSchedule": "string" } Click to set as parameter value

post /enzi/v0/config/auth/ldap/tryLogin

Attempt to login with the given LDAP settings

Response Class (Status 200)

{
  "name": "string",
  "id": "string",
  "fullName": "string",
  "isOrg": true,
  "isAdmin": true,
  "isActive": true
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
body			body	Model Model Schema forms.TryLdapLogin { username (string): Value of the specified username attribute for the user entry in the LDAP directory , password (string): The password that the system will use to bind to the LDAP server when authenticating the user , ldapSettings (forms.LDAPSettings): Various options for LDAP syncing } forms.LDAPSettings { recoveryAdminUsername (string): The user with this name will be able to authenticate to the system even when the LDAP server is unavailable or if auth is misconfigured , recoveryAdminPassword (string, optional): A secure hash of this password is stored locally so that you can still login with the recovery admin username if the LDAP server is unavailable or if auth is misconfigured. May be nil or omitted to leave the current password unchanged , serverURL (string): The URL of the LDAP server , noSimplePagination (boolean): The server does not support the Simple Paged Results control extension (RFC 2696) , startTLS (boolean): Whether to use StartTLS to secure the connection to the server, ignored if server URL scheme is 'ldaps://' , rootCerts (string): A root certificate PEM bundle to use when establishing a TLS connection to the server , tlsSkipVerify (boolean): Whether to skip verifying of the server's certificate when establishing a TLS connection, not recommended unless testing on a secure network , readerDN (string): The distinguished name the system will use to bind to the LDAP server when performing searches , readerPassword (string): The password that the system will use to bind to the LDAP server when performing searches , userSearchConfigs (Array[forms.UserSearchOpts]): One or more settings for syncing users , adminSyncOpts (forms.MemberSyncOpts): Settings for syncing system admin users , syncSchedule (string): The scheduled time for automatic LDAP sync jobs, in CRON format with seconds omitted, default is @hourly if empty or omitted } forms.UserSearchOpts { baseDN (string): The distinguished name of the element from which the LDAP server will search for users , scopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false) , usernameAttr (string): The name of the attribute of the LDAP user element which should be selected as the username , fullNameAttr (string): The name of the attribute of the LDAP user element which should be selected as the full name of the user , filter (string): The LDAP search filter used to select user elements, may be left blank } forms.MemberSyncOpts { enableSync (boolean): Whether to enable LDAP syncing. If false, all other fields are ignored , selectGroupMembers (boolean): Whether to sync using a group DN and member attribute selection or to use a search filter (if false) , groupDN (string): The distinguished name of the LDAP group. Required if selectGroupMembers is true, ignored otherwise , groupMemberAttr (string): The name of the LDAP group entry attribute which corresponds to distinguished names of members. Required if selectGroupMembers is true, ignored otherwise , searchBaseDN (string): The distinguished name of the element from which the LDAP server will search for users. Required if selectGroupMembers is false, ignored otherwise , searchScopeSubtree (boolean): Whether to search for users in the entire subtree of the base DN or to only search one level under the base DN (if false). Required if selectGroupMembers is false, ignored otherwise , searchFilter (string): The LDAP search filter used to select users if selectGroupMembers is false, may be left blank } { "username": "string", "password": "string", "ldapSettings": { "recoveryAdminUsername": "string", "recoveryAdminPassword": "string", "serverURL": "string", "noSimplePagination": true, "startTLS": true, "rootCerts": "string", "tlsSkipVerify": true, "readerDN": "string", "readerPassword": "string", "userSearchConfigs": [ { "baseDN": "string", "scopeSubtree": true, "usernameAttr": "string", "fullNameAttr": "string", "filter": "string" } ], "adminSyncOpts": { "enableSync": true, "selectGroupMembers": true, "groupDN": "string", "groupMemberAttr": "string", "searchBaseDN": "string", "searchScopeSubtree": true, "searchFilter": "string" }, "syncSchedule": "string" } } Click to set as parameter value

- get /enzi/v0/config/openid
  - Retrieve current system OpenID configuration
  Response Class (Status 200)
  Model
  
  Model Schema
  
  responses.OpenIDConfig {
  issuerIdentifier (string):
  The Issuer Identifier for the system's OpenID Connect provider
  
  }
  
  { "issuerIdentifier": "string" }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

put /enzi/v0/config/openid

Set system OpenID configuration

- get /enzi/v0/config/accounts
  - Retrieve current system accounts configuration
  Response Class (Status 200)
  Model
  
  Model Schema
  
  responses.AccountsConfig {
  systemAccounts (Array[string]):
  Names of critical system accounts which cannot be deleted via the API
  ,
  usersCount (integer):
  The count of the users in the system
  ,
  orgsCount (integer):
  The count of the orgs in the system
  
  }
  integer {
  }
  
  { "systemAccounts": [ "string" ], "usersCount": {}, "orgsCount": {} }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

crons : Crons

- get /api/v0/crons
  - List all crons
  Response Class (Status 200)
  Model
  
  Model Schema
  
  tmpresponses.Crons {
  crons (Array[tmpresponses.Cron])
  }
  tmpresponses.Cron {
  id (string),
  action (string),
  schedule (string),
  retries (integer),
  parameters (object),
  deadline (string),
  stopTimeout (string),
  nextRun (string)
  }
  integer {
  }
  
  { "crons": [ { "id": "string", "action": "string", "schedule": "string", "retries": {}, "parameters": {}, "deadline": "string", "stopTimeout": "string", "nextRun": "2019-04-21T11:38:39.605Z" } ] }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

delete /api/v0/crons/{action}

Delete the cron. Jobs created from it will not be canceled.

get /api/v0/crons/{action}

Get info about the cron with the given action

events : Events

get /api/v0/events

Get Events

Response Class (Status 200)

{
  "events": [
    {
      "id": "string",
      "publishedAt": "2019-04-21T11:38:39.608Z",
      "actor": "string",
      "type": "string",
      "object": {
        "id": "string",
        "type": "string"
      }
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value
publishedBefore	(empty)		query	date-time
publishedAfter	(empty)		query	undefined
actorId	(empty)	UUID of the user or organization that performed the event	query	string
eventType	(empty)	Type of events to filter by	query	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

INVALID_PARAMETERS: Unable to parse query parameters

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

index : Index

get /api/v0/index/dockersearch

Search Docker repositories

get /api/v0/index/autocomplete

Autocompletion for repositories and/or accounts

Implementation Notes

Repository results will be filtered to only those repositories visible to the client. Account results will not be filtered.

Response Class (Status 200)

{
  "accountResults": [
    {
      "name": "string",
      "id": "string",
      "fullName": "string",
      "isOrg": true,
      "isAdmin": true,
      "isActive": true
    }
  ],
  "repositoryResults": [
    {
      "id": "string",
      "namespace": "string",
      "namespaceType": "user",
      "name": "string",
      "shortDescription": "string",
      "longDescription": "string",
      "visibility": "public",
      "scanOnPush": true
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
query	(empty)	Autocomplete query	query	string
includeRepositories		Whether to include repositories in the response	query	boolean
includeAccounts		Whether to include accounts in the response	query	boolean
namespace	(empty)	Exact repository namespace to limit results to.	query	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

jobs : Jobs

meta : Admin

get /api/v0/meta/cluster_status

Get cluster status

nautilus : Docker Security Scanner

get /api/v0/nautilus/repositories/{namespace}/{reponame}/{tag}

Get the summary info on a namespace/repo:tag

Response Class (Status 200)

{
  "namespace": "string",
  "reponame": "string",
  "tag": "string",
  "critical": {},
  "major": {},
  "minor": {},
  "healthy": {},
  "last_scan_status": {},
  "check_completed_at": "2019-04-21T11:38:39.630Z",
  "layer_details": [
    {
      "sha256sum": "string",
      "size": {},
      "docker_command_line": "string",
      "components": [
        {
          "component": "string",
          "version": "string",
          "license": [
            {}
          ],
          "vulns": [
            {
              "vuln": {
                "cve": "string",
                "cvss": 0,
                "summary": "string"
              },
              "exact": true
            }
          ],
          "fullpath": [
            "string"
          ]
        }
      ]
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string
tag	(empty)	tag name	path	string
detailed		Whether to include detailed summary results	query	boolean

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

404

NO_SUCH_TAG: A tag with the given name does not exist for the given repository.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

get /api/v0/nautilus/layer/{layerid}

Get the layer info from the given sha

get /api/v0/nautilus/scan/{namespace}/{reponame}/{tag}

Get the status of a scan or a scan/check of given image

post /api/v0/nautilus/scan/{namespace}/{reponame}/{tag}

Do a scan or a scan/check of given image

put /api/v0/nautilus/scan/init

Initialize the vulnerability Database

patch /api/v0/nautilus/scan/update

Update the vulnerability database for security scanning

get /api/v0/nautilus/db

Get the status and version of the nautilus DB

repositories : Repositories

get /api/v0/repositories

List all repositories

Implementation Notes

Authorization: Client must be authenticated as any active user in the system. Results will be filtered to only those repositories visible to the client.

Response Class (Status 200)

{
  "repositories": [
    {
      "id": "string",
      "namespace": "string",
      "namespaceType": "user",
      "name": "string",
      "shortDescription": "string",
      "longDescription": "string",
      "visibility": "public",
      "scanOnPush": true
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

get /api/v0/repositories/{namespace}

List repositories in a namespace

Implementation Notes

Authorization: Client must be authenticated as any active user in the system. Results will be filtered to only those repositories visible to the client.

Response Class (Status 200)

{
  "repositories": [
    {
      "id": "string",
      "namespace": "string",
      "namespaceType": "user",
      "name": "string",
      "shortDescription": "string",
      "longDescription": "string",
      "visibility": "public",
      "scanOnPush": true
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

404

NO_SUCH_ACCOUNT: An account with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

post /api/v0/repositories/{namespace}

Create repository

Implementation Notes

Authorization: Client must be authenticated as a user who has admin access to the repository namespace (i.e., user owns the repo or is a member of a team with "admin" level access to the organization's namespace of repositories).

Response Class (Status 201)

{
  "id": "string",
  "namespace": "string",
  "namespaceType": "user",
  "name": "string",
  "shortDescription": "string",
  "longDescription": "string",
  "visibility": "public",
  "scanOnPush": true
}

Response Content Type

Parameters

Parameter Value Description Parameter Type Data Type

namespace

(empty)

namespace/owner of repository

path

string

body

{
  "name": "string",
  "shortDescription": "string",
  "longDescription": "string",
  "visibility": "public",
  "scanOnPush": true
}

Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

REPOSITORY_EXISTS: A repository with the same name already exists.

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_ACCOUNT: An account with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

delete /api/v0/repositories/{namespace}/{reponame}

Remove a repository

get /api/v0/repositories/{namespace}/{reponame}

View details of a repository

patch /api/v0/repositories/{namespace}/{reponame}

Update details of a repository

Implementation Notes

Authorization: Client must be authenticated as a user who has "admin" access to the repository (i.e., user owns the repo or is a member of a team with "admin" level access to the organization"s repository).

Note that a repository cannot be renamed this way.

Response Class (Status 200)

{
  "id": "string",
  "namespace": "string",
  "namespaceType": "user",
  "name": "string",
  "shortDescription": "string",
  "longDescription": "string",
  "visibility": "public",
  "scanOnPush": true
}

Response Content Type

Parameters

Parameter Value Description Parameter Type Data Type

namespace

(empty)

namespace/owner of repository

path

string

reponame

(empty)

name of repository

path

string

body

{
  "shortDescription": "string",
  "longDescription": "string",
  "visibility": "public",
  "scanOnPush": true
}

Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

INVALID_REPOSITORY_VISIBILITY: The visibility value of the repository is invalid.

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_REPOSITORY: A repository with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

post /api/v0/repositories/scan/toggle

Toggles scan on push for all repositories

get /api/v0/repositories/{namespace}/{reponame}/teamAccess

List teams granted access to an organization-owned repository

Implementation Notes

Authorization: Client must be authenticated as a user who has "admin" level access to the repository.

Response Class (Status 200)

{
  "repository": {
    "id": "string",
    "namespace": "string",
    "namespaceType": "user",
    "name": "string",
    "shortDescription": "string",
    "longDescription": "string",
    "visibility": "public",
    "scanOnPush": true
  },
  "teamAccessList": [
    {
      "accessLevel": "read-only",
      "team": {
        "id": "string",
        "clientUserIsMember": true
      }
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

the repository is not owned by an organization

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_REPOSITORY: A repository with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

delete /api/v0/repositories/{namespace}/{reponame}/teamAccess/{teamname}

Revoke a team's acccess to an organization-owned repository

put /api/v0/repositories/{namespace}/{reponame}/teamAccess/{teamname}

Set a team's access to an orgnization-owned repository

Implementation Notes

Authorization: Client must be authenticated as a user who has "admin" level access to the repository.

Response Class (Status 200)

{
  "accessLevel": "read-only",
  "team": {
    "id": "string",
    "clientUserIsMember": true
  },
  "repository": {
    "id": "string",
    "namespace": "string",
    "namespaceType": "user",
    "name": "string",
    "shortDescription": "string",
    "longDescription": "string",
    "visibility": "public",
    "scanOnPush": true
  }
}

Response Content Type

Parameters

Parameter Value Description Parameter Type Data Type

namespace

(empty)

namespace/owner of repository

path

string

reponame

(empty)

name of repository

path

string

teamname

(empty)

team name

path

string

body

{
  "accessLevel": "read-only"
}

Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

the team does not belong to the organization

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_TEAM: A team with the given name does not exist in the organization.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

get /api/v0/repositories/{namespace}/{reponame}/tags

List the available tags for a repository

Implementation Notes

Authorization: Client must be authenticated as a user who has visibility to the repository.

Response Class (Status 200)

[
  {
    "name": "string",
    "digest": "string",
    "author": "string",
    "updatedAt": "2019-04-21T11:38:39.658Z",
    "hashMismatch": true,
    "inNotary": true,
    "manifest": {
      "digest": "string",
      "os": "string",
      "architecture": "string",
      "mediaType": "string",
      "layers": [
        {
          "digest": "string",
          "size": {},
          "mediaType": "string",
          "dockerfileLine": "string"
        }
      ],
      "size": {},
      "createdAt": "2019-04-21T11:38:39.658Z",
      "author": "string",
      "dockerfile": [
        {
          "line": "string",
          "layerDigest": "string",
          "size": {},
          "isEmpty": true
        }
      ]
    }
  }
]

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_REPOSITORY: A repository with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

get /api/v0/repositories/{namespace}/{reponame}/tags/{tag}/trust

Get Notary trust info about a specific tag

Implementation Notes

Repository results will be filtered to only those repositories visible to the client.

Response Class (Status 200)

{
  "name": "string",
  "digest": "string",
  "author": "string",
  "updatedAt": "2019-04-21T11:38:39.659Z",
  "hashMismatch": true,
  "inNotary": true,
  "manifest": {
    "digest": "string",
    "os": "string",
    "architecture": "string",
    "mediaType": "string",
    "layers": [
      {
        "digest": "string",
        "size": {},
        "mediaType": "string",
        "dockerfileLine": "string"
      }
    ],
    "size": {},
    "createdAt": "2019-04-21T11:38:39.659Z",
    "author": "string",
    "dockerfile": [
      {
        "line": "string",
        "layerDigest": "string",
        "size": {},
        "isEmpty": true
      }
    ]
  }
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string
tag	(empty)	tag name	path	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_TAG: A tag with the given name does not exist for the given repository.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

delete /api/v0/repositories/{namespace}/{reponame}/tags/{tag}

Delete a tag for a repository

get /api/v0/repositories/{namespace}/{reponame}/manifests

List the available manifests for a repository

Implementation Notes

Authorization: Client must be authenticated as a user who has visibility to the repository.

Response Class (Status 200)

[
  {
    "digest": "string",
    "os": "string",
    "architecture": "string",
    "mediaType": "string",
    "layers": [
      {
        "digest": "string",
        "size": {},
        "mediaType": "string",
        "dockerfileLine": "string"
      }
    ],
    "size": {},
    "createdAt": "2019-04-21T11:38:39.663Z",
    "author": "string",
    "dockerfile": [
      {
        "line": "string",
        "layerDigest": "string",
        "size": {},
        "isEmpty": true
      }
    ]
  }
]

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
reponame	(empty)	name of repository	path	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

404

NO_SUCH_REPOSITORY: A repository with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

delete /api/v0/repositories/{namespace}/{reponame}/manifests/{reference}

Delete a manifest for a repository

repositoryNamespaces : Repository Namespaces

get /api/v0/repositoryNamespaces/{namespace}/teamAccess

List teams granted access to an organization-owned namespace of repositories

Implementation Notes

Authorization: Client must be authenticated as a user who has ‘admin’ level access to the namespace.

Response Class (Status 200)

{
  "namespace": "string",
  "teamAccessList": [
    {
      "accessLevel": "read-only",
      "team": {
        "id": "string",
        "clientUserIsMember": true
      }
    }
  ]
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
start	(empty)	The ID of the first record on the page	query	string
limit	10	Maximum number of results to return	query	Model Model Schema integer { } `{}` Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

the namespace is not owned by an organization

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_ACCOUNT: An account with the given name does not exist.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

delete /api/v0/repositoryNamespaces/{namespace}/teamAccess/{teamname}

Revoke a team's access to an organization-owned namespace of repositories

get /api/v0/repositoryNamespaces/{namespace}/teamAccess/{teamname}

Get a team's granted access to an organization-owned namespace of repositories

Implementation Notes

Authorization: Client must be authenticated as a user who has "admin" level access to the namespace, is a system admin, member of the organization's "owners" team, or is a member of the team in question.

Response Class (Status 200)

{
  "accessLevel": "read-only",
  "team": {
    "id": "string",
    "clientUserIsMember": true
  },
  "namespace": "string"
}

Response Content Type

Parameters

Parameter	Value	Description	Parameter Type	Data Type
namespace	(empty)	namespace/owner of repository	path	string
teamname	(empty)	team name	path	string

Response Messages

HTTP Status Code

Reason

Response Model

Headers

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_TEAM: A team with the given name does not exist in the organization.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

put /api/v0/repositoryNamespaces/{namespace}/teamAccess/{teamname}

Set a team's access to an organization-owned namespace of repositories

Implementation Notes

Authorization: Client must be authenticated as a user who has ‘admin’ level access to the namespace.

Response Class (Status 200)

{
  "accessLevel": "read-only",
  "team": {
    "id": "string",
    "clientUserIsMember": true
  },
  "namespace": "string"
}

Response Content Type

Parameters

Parameter Value Description Parameter Type Data Type

namespace

(empty)

namespace/owner of repository

path

string

teamname

(empty)

team name

path

string

body

{
  "accessLevel": "read-only"
}

Click to set as parameter value

Response Messages

HTTP Status Code

Reason

Response Model

Headers

400

the team does not belong to the owning organization

401

NOT_AUTHENTICATED: The client is not authenticated.

403

NOT_AUTHORIZED: The client is not authorized.

404

NO_SUCH_TEAM: A team with the given name does not exist in the organization.

405

NOT_ALLOWED: Method Not Allowed

406

NOT_ACCEPTABLE: Not Acceptable

415

UNSUPPORTED_MEDIA_TYPE: Unsupported Media Type

workers : Workers

- get /enzi/v0/workers
  - List all workers ordered by ID
  Response Class (Status 200)
  Model
  
  Model Schema
  
  responses.Workers {
  workers (Array[responses.Worker])
  }
  responses.Worker {
  id (string):
  The ID of this worker
  ,
  address (string):
  Address at which an API server can contact the worker
  
  }
  
  { "workers": [ { "id": "string", "address": "string" } ] }
  Response Content Type
  
  Curl
  
  Request URL
  
  Response Body
  
  Response Code
  
  Response Headers

get /enzi/v0/workers/{workerID}/ping

Check to make sure that a job's worker is responsive

delete /enzi/v0/workers/{workerID}

Delete a worker

Parameter	Value	Description	Parameter Type	Data Type
action	any	Filter jobs by action.	query	string
worker	any	Filter jobs by worker ID.	query	string
start	(empty)	Return most recently scheduled jobs starting from this offset index.	query	Model Model Schema integer { } `{}` Click to set as parameter value
limit	(empty)	Maximum number of jobs per page of results.	query	Model Model Schema integer { } `{}` Click to set as parameter value

Parameter	Value	Description	Parameter Type	Data Type
file	(empty)	Upload file to init database	formData	undefined
online		Init or update vuln db in online mode.	query	boolean

Parameter	Value	Description	Parameter Type	Data Type
workerID	(empty)	ID of worker to delete	path	string
force		Force removal of the worker record. For use when the worker has been manually shutdown.	query	boolean

accounts : Accounts

Implementation Notes

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 201)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Parameters

Response Messages

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Implementation Notes

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Implementation Notes

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Response Class (Status 200)

Parameters

Curl

Request URL

Response Body

Response Code

Response Headers

Parameters

Response Messages

Curl

Request URL

Response Body

Response Code