New Vulnerability Scanning API Operations and Policies

To view all vulnerability reports using the Console, a policy must exist which grants you access to either the vss-family aggregate resource type or the new vss-vulnerabilities resource type. To export host vulnerability reports, a policy must exist which grants you access to either vss-family or the existing host-vulnerabilities type. See Scanning IAM Policies.

You can use the new Vulnerability API to search for vulnerabilities found in both host and container targets. To use this API, a policy must exist which grants you access to either vss-family or vss-vulnerabilities.

You can continue to use the existing HostVulnerability API to search for and export vulnerabilities found in host targets only. This API is associated with the existing host-vulnerabilities resource type.