StackRox
Container Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The StackRox connector integrates with Red Hat Advanced Cluster Security for Kubernetes (RHACS / StackRox). It syncs the Kubernetes security posture and container vulnerability data managed by StackRox Central, including clusters, namespaces, nodes, deployments, container images, image components, containers, security policies, policy violations, vulnerability definitions (CVEs), and the per-image/component vulnerability findings.
All data is retrieved from the StackRox Central GraphQL API (/api/graphql), with the connection health check performed against the REST endpoint /v1/alerts. Results are paginated using StackRox Pagination (offset / limit) variables and fetched in parallel.
Data retrieved from StackRox
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Cluster | Yes | Cluster |
| Namespace | Yes | Namespace |
| Node | Yes | Node |
| Deployment | Yes | Deployment |
| Image | Yes | Image |
| Component | Yes | Component |
| Container | Yes | Container |
| Policy | Yes | Policy |
| Violation | Yes | Violation |
| Vulnerability Definition | Yes | Vulnerability Definition |
| Vulnerability | Yes | Vulnerability |
Model relationships
For detailed steps on how to view the data retrieved from StackRox in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select StackRox from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | No | — | StackRox server URL |
| API token | No | — | StackRox API token |
| Page size | No | — | Maximum number of records to get per API request |
| Parallel requests | No | — | Maximum number of parallel API requests |
| SSL / TLS | No | — | Skip certificate verification |
Authentication
StackRox uses Bearer token authentication. An API token is generated in StackRox Central (Platform Configuration → Integrations → Authentication Tokens → API Token) and supplied to the connector. The token is sent on every request in the Authorization header.
Endpoint
| Method | URL |
|---|---|
| POST | {url}/api/graphql (model data) |
| GET | {url}/v1/alerts (connection test) |
Request Headers
| Header | Value |
|---|---|
Authorization | Bearer {apiToken} |
Content-Type | application/json |
Request Body
Model queries are GraphQL POST requests. The body wraps the GraphQL query and pagination variables:
{
"query": "query getClusters($query: String, $pagination: Pagination) { nodes: clusters(query: $query, pagination: $pagination) { id name ... } }",
"variables": {
"pagination": {
"offset": 0,
"limit": 100
}
}
}
Sample Response
{
"data": {
"nodes": [
{
"id": "f7b2c1de-0000-4a00-9c00-abc123def456",
"name": "production-cluster",
"type": "OPENSHIFT4_CLUSTER",
"priority": 1,
"policyStatus": { "status": "fail" }
}
]
}
}
Response Fields
| Field | Description |
|---|---|
data | Root wrapper for a successful GraphQL response. |
data.nodes | Aliased result list for the queried object type (clusters, namespaces, nodes, deployments, images, components, deployments→containers, policies, violations, vulnerabilities). |
errors | Present when the query fails; the connector raises the first error message. |
How the credential is used
The token is stored as a confidential configuration property and applied by the connector on every request as Authorization: Bearer {apiToken}. The same token is reused for both the GraphQL data calls and the REST connection test.
How to obtain StackRox credentials
Obtain the required credentials (URL, API Token) from your StackRox administrator or the StackRox admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Cluster
| Source Field Name | SDM Attribute |
|---|---|
Cluster.healthStatus.admissionControlHealthStatus | Admission control status |
Cluster.healthStatus.collectorHealthStatus | Collector status |
Cluster.healthStatus.lastContact | Sensor last contact |
Cluster.healthStatus.overallHealthStatus | Cluster status |
Cluster.healthStatus.sensorHealthStatus | Sensor status |
Cluster.id | Sys ID |
Cluster.name | Name |
Cluster.policyStatus.status | Policy status |
Cluster.priority | Priority |
Cluster.status.certExpiryStatus.sensorCertExpiry | Credential expiration |
Cluster.status.orchestratorMetadata.buildDate | Build date |
Cluster.status.orchestratorMetadata.version | Kubernetes version |
Cluster.status.providerMetadata (aws/azure/google + region) | Cloud provider |
Cluster.status.sensorVersion | Sensor version |
Cluster.status.upgradeStatus.upgradability | Sensor upgrade |
Cluster.type | Type |
Namespace
| Source Field Name | SDM Attribute |
|---|---|
Namespace.latestViolation | Latest violation |
Namespace.metadata.annotations[] | Annotations |
Namespace.metadata.clusterId | Cluster ID |
Namespace.metadata.clusterName | Cluster name |
Namespace.metadata.creationTime | Creation date |
Namespace.metadata.id | Sys ID |
Namespace.metadata.labels[] | Labels |
Namespace.metadata.name | Name |
Namespace.metadata.priority | Priority |
Namespace.policyStatus.status | Policy status |
Node
| Source Field Name | SDM Attribute |
|---|---|
Node.annotations[] | Annotations |
Node.clusterId | Cluster ID |
Node.clusterName | Cluster name |
Node.containerRuntimeVersion | Container runtime |
Node.id | Sys ID |
Node.internalIpAddresses | Private IP addresses |
Node.internalIpAddresses | Public IP addresses |
Node.joinedAt | Join time |
Node.kernelVersion | Kernel version |
Node.kubeletVersion | Kubelet version |
Node.labels[] | Labels |
Node.lastUpdated | Last updated |
Node.name | Name |
Node.nodeStatus | Status |
Node.osImage | Operating system |
Node.priority | Priority |
Node.riskScore | Risk score |
Node.scan.scanTime | Scan time |
Deployment
| Source Field Name | SDM Attribute |
|---|---|
Deployment.clusterId | Cluster ID |
Deployment.clusterName | Cluster name |
Deployment.created | Creation date |
Deployment.id | Sys ID |
Deployment.inactive | Inactive |
Deployment.latestViolation | Latest violation |
Deployment.name | Name |
Deployment.namespace | Namespace name |
Deployment.namespaceId | Namespace ID |
Deployment.policyStatus | Policy status |
Deployment.priority | Priority |
Image
| Source Field Name | SDM Attribute |
|---|---|
Image.deployments[].id | Deployments |
Image.id | Sys ID |
Image.lastUpdated | Last updated |
Image.metadata.dataSource.name | Source |
Image.metadata.layerShas | Layer SHAs |
Image.metadata.v1.created | Creation date |
Image.metadata.v2.digest | Digest |
Image.name.fullName | Name |
Image.priority | Priority |
Image.riskScore | Risk score |
Image.scan.dataSource.name | Scanner |
Image.scan.operatingSystem | Operating system |
Image.scan.scanTime | Scan time |
Image.watchStatus | Watch status |
Component
| Source Field Name | SDM Attribute |
|---|---|
Component.fixedIn | Fixed in |
Component.id | Sys ID |
Component.images[].id | Images |
Component.lastScanned | Last scanned |
Component.layerIndex | Layer index |
Component.license.name | License |
Component.location | Location |
Component.name | Name |
Component.priority | Priority |
Component.riskScore | Risk score |
Component.source | Source |
Component.version | Revision |
Container
| Source Field Name | SDM Attribute |
|---|---|
Deployment.containers[].id | Sys ID |
Deployment.containers[].image.id | Image ID |
Deployment.containers[].image.name.fullName | Image name |
Deployment.containers[].name | Name |
Deployment.id | Deployment ID |
Deployment.name | Deployment name |
Policy
| Source Field Name | SDM Attribute |
|---|---|
Policy.categories | Categories |
Policy.description | Description |
Policy.disabled (negated) | Enabled |
Policy.enforcementActions | Enforcement actions |
Policy.eventSource | Event source |
Policy.id | Sys ID |
Policy.isDefault | Enforced |
Policy.lastUpdated | Last updated |
Policy.latestViolation | Latest violation |
Policy.lifecycleStages | Lifecycle stages |
Policy.name | Name |
Policy.notifiers | Notifiers |
Policy.policyStatus | Status |
Policy.policyVersion | Revision |
Policy.rationale | Rationale |
Policy.remediation | Remediation |
Policy.severity | Severity |
Violation
| Source Field Name | SDM Attribute |
|---|---|
Violation.deployment.containers[].name | Container names |
Violation.deployment.id | Deployment ID |
Violation.enforcement.action | Enforcement action |
Violation.entity.__typename | Type |
Violation.firstOccurred | First found |
Violation.id | Sys ID |
Violation.image.id | Image ID |
Violation.lifecycleStage | Lifecycle stage |
Violation.policy.id | Policy ID |
Violation.policy.name | Policy name |
Violation.resolvedAt | Resolved at |
Violation.snoozeTill | Snooze till |
Violation.state | State |
Violation.time | Last found |
Violation.violations[].message | Events |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
vulnerabilities.cve | CVE ID |
vulnerabilities.cvss | CVSS score |
vulnerabilities.cvssV3.exploitabilityScore / cvssV2.exploitabilityScore | Exploitability score |
vulnerabilities.cvssV3.vector / cvssV2.vector | CVSS vector |
vulnerabilities.envImpact | Environment impact |
vulnerabilities.id | Sys ID |
vulnerabilities.isFixable | Fixable |
vulnerabilities.lastModified | Last modified |
vulnerabilities.publishedOn | Date published |
vulnerabilities.scoreVersion | Scoring version |
vulnerabilities.severity | Severity |
vulnerabilities.summary | Summary |
vulnerabilities.vulnerabilityTypes | Type |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
components.fixedIn | Fixed in |
components.id | Component ID |
components.images[].id | Image ID |
MD5 of vulnerability.id + component.id + image.id | Sys ID |
vulnerabilities.createdAt | Creation date |
vulnerabilities.id | Definition ID |
vulnerabilities.lastScanned | Last found |
vulnerabilities.suppressed | Suppressed |
vulnerabilities.suppressExpiry | Suppress expiry |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Cluster
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getClusters($query: String, $pagination: Pagination) {
nodes: clusters(query: $query, pagination: $pagination) {
id
name
type
priority
healthStatus {
lastContact
sensorHealthStatus
collectorHealthStatus
admissionControlHealthStatus
overallHealthStatus
healthInfoComplete
}
status {
certExpiryStatus { sensorCertExpiry }
orchestratorMetadata { version }
providerMetadata {
aws { accountId }
azure { subscriptionId }
google { clusterName project }
region
zone
verified
}
sensorVersion
upgradeStatus { upgradability upgradabilityStatusReason }
}
policyStatus { status }
}
}
Namespace
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getNamespaces($query: String, $pagination: Pagination) {
nodes: namespaces(query: $query, pagination: $pagination) {
metadata {
id
name
priority
creationTime
clusterId
clusterName
labels { key value }
annotations { key value }
}
policyStatus { status }
latestViolation
}
}
Node
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getNodes($query: String, $pagination: Pagination) {
nodes: nodes(query: $query, pagination: $pagination) {
id
name
osImage
containerRuntime { type version }
containerRuntimeVersion
clusterId
clusterName
priority
externalIpAddresses
internalIpAddresses
joinedAt
k8SUpdated
kernelVersion
kubeletVersion
kubeProxyVersion
nodeStatus
operatingSystem
riskScore
labels { key value }
annotations { key value }
scan { scanTime }
lastUpdated
}
}
Deployment
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getDeployments($query: String, $pagination: Pagination) {
nodes: deployments(query: $query, pagination: $pagination) {
id
name
inactive
priority
clusterId
clusterName
namespaceId
namespace
policyStatus
latestViolation
created
}
}
Image
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getImages($query: String, $pagination: Pagination) {
nodes: images(query: $query, pagination: $pagination) {
id
name { fullName }
watchStatus
priority
riskScore
deployments { id name }
metadata {
layerShas
dataSource { id name }
v1 { digest created }
v2 { digest }
}
notes
scan {
dataSource { id name }
operatingSystem
scannerVersion
scanTime
notes
}
lastUpdated
}
}
Component
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getComponents($query: String, $pagination: Pagination) {
nodes: components(query: $query, pagination: $pagination) {
id
name
version
location
source
fixedIn
topVuln { cvss scoreVersion }
images { id name { fullName } }
priority
}
}
Container
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getDeployments($query: String, $pagination: Pagination) {
nodes: deployments(query: $query, pagination: $pagination) {
id
name
containers {
id
name
image { id name { fullName } }
config { appArmorProfile args env { envVarSource key value } directory uid user command }
ports { containerPort exposedPort exposure exposureInfos { externalHostnames externalIps level nodePort serviceClusterIp serviceId serviceName servicePort } }
readinessProbe { defined }
resources { cpuCoresLimit cpuCoresRequest memoryMbLimit }
secrets { name path }
securityContext { privileged }
volumes { destination name source readOnly mountPropagation }
}
}
}
Policy
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getPolicies($pagination: Pagination) {
nodes: policies(pagination: $pagination) {
id
name
disabled
isDefault
description
severity
rationale
remediation
policyStatus
policyVersion
eventSource
lifecycleStages
categories
notifiers
enforcementActions
scope { cluster namespace label { key value } }
mitreAttackVectors { tactic techniques }
fullMitreAttackVectors { tactic { id name description } techniques { id name description } }
mitreVectorsLocked
latestViolation
lastUpdated
}
}
Violation
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getViolations($query: String, $pagination: Pagination) {
nodes: violations(query: $query, pagination: $pagination) {
id
entity { type: __typename }
state
lifecycleStage
firstOccurred
snoozeTill
resolvedAt
time
enforcement { action message }
policy { id name }
image { id name { fullName } }
deployment { id name containers { name } }
processViolation { message }
resource { name clusterId clusterName namespaceId namespaceName: namespace resourceType }
events: violations { message }
}
}
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getCves($query: String, $pagination: Pagination) {
nodes: vulnerabilities(query: $query, pagination: $pagination) {
id
cve
cvss
cvssV2: vectors { ...cvssV2 }
cvssV3: vectors { ...cvssV3 }
vulnerabilityTypes
scoreVersion
envImpact
impactScore
summary
severity
isFixable
createdAt
lastModified
publishedOn
}
}
fragment cvssV2 on CVSSV2 { accessComplexity attackVector authentication availability confidentiality exploitabilityScore impactScore integrity score severity vector }
fragment cvssV3 on CVSSV3 { attackComplexity attackVector availability confidentiality exploitabilityScore impactScore integrity privilegesRequired scope score severity userInteraction vector }
Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
query getCves($query: String, $pagination: Pagination) {
nodes: vulnerabilities(query: $query, pagination: $pagination) {
id
suppressed
suppressExpiry
discoveredAtImage
lastScanned
components {
id
version
fixedIn
images { id }
}
}
}
Changelog
The StackRox connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.5 | No changes in this release. | N/A |
| 3.0.4 | No changes in this release. | N/A |
| 3.0.3 | No changes in this release. | N/A |
| 3.0.2 | No changes in this release. | N/A |
| 3.0.1 | No changes in this release. | N/A |
| 3.0.0 | No changes in this release. | N/A |