For {project}, either project-number or project-id can be provided.
Query parameters
Parameters
pageSize
integer
The maximum number of results to return.
pageToken
string
A pagination token returned from a previous call to vulnerabilityReports.list that indicates where this listing should continue from.
filter
string
This field supports filtering by the severity level for the vulnerability. For a list of severity levels, see Severity levels for vulnerabilities.
The filter field follows the rules described in the AIP-160 guidelines as follows:
Filter for a specific severity type: you can list reports that contain vulnerabilities that are classified as medium by specifying vulnerabilities.details.severity:MEDIUM.
Filter for a range of severities : you can list reports that have vulnerabilities that are classified as critical or high by specifying vulnerabilities.details.severity:HIGH OR
vulnerabilities.details.severity:CRITICAL
Request body
The request body must be empty.
Response body
A response message for listing vulnerability reports for all VM instances in the specified location.
If successful, the response body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["\u003cp\u003eThis API endpoint lists vulnerability reports for all VM instances within a specified zone using a GET request.\u003c/p\u003e\n"],["\u003cp\u003eThe request URL requires a \u003ccode\u003eparent\u003c/code\u003e path parameter in the format \u003ccode\u003eprojects/*/locations/*/instances/*\u003c/code\u003e to identify the target project, location, and instances.\u003c/p\u003e\n"],["\u003cp\u003eQuery parameters allow for filtering results by \u003ccode\u003epageSize\u003c/code\u003e, continuing pagination with \u003ccode\u003epageToken\u003c/code\u003e, and filtering by severity with the \u003ccode\u003efilter\u003c/code\u003e parameter using severity levels like \u003ccode\u003eMEDIUM\u003c/code\u003e, \u003ccode\u003eHIGH\u003c/code\u003e, or \u003ccode\u003eCRITICAL\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty, and a successful response includes a list of \u003ccode\u003evulnerabilityReports\u003c/code\u003e and a \u003ccode\u003enextPageToken\u003c/code\u003e for pagination, represented in JSON format.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization requires the OAuth scope \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e and the IAM permission \u003ccode\u003eosconfig.vulnerabilityReports.list\u003c/code\u003e on the parent resource.\u003c/p\u003e\n"]]],[],null,[]]