For {project}, either project-number or project-id can be provided.
Query parameters
Parameters
pageSize
integer
The maximum number of results to return.
pageToken
string
A pagination token returned from a previous call to vulnerabilityReports.list that indicates where this listing should continue from.
filter
string
This field supports filtering by the severity level for the vulnerability. For a list of severity levels, see Severity levels for vulnerabilities.
The filter field follows the rules described in the AIP-160 guidelines as follows:
Filter for a specific severity type: you can list reports that contain vulnerabilities that are classified as medium by specifying vulnerabilities.details.severity:MEDIUM.
Filter for a range of severities : you can list reports that have vulnerabilities that are classified as critical or high by specifying vulnerabilities.details.severity:HIGH OR
vulnerabilities.details.severity:CRITICAL
Request body
The request body must be empty.
Response body
A response message for listing vulnerability reports for all VM instances in the specified location.
If successful, the response body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["\u003cp\u003eThis API endpoint lists vulnerability reports for all VM instances within a specified zone using a GET request.\u003c/p\u003e\n"],["\u003cp\u003eThe request URL requires a \u003ccode\u003eparent\u003c/code\u003e path parameter in the format \u003ccode\u003eprojects/*/locations/*/instances/*\u003c/code\u003e to identify the target project, location, and instances.\u003c/p\u003e\n"],["\u003cp\u003eQuery parameters allow for filtering results by \u003ccode\u003epageSize\u003c/code\u003e, continuing pagination with \u003ccode\u003epageToken\u003c/code\u003e, and filtering by severity with the \u003ccode\u003efilter\u003c/code\u003e parameter using severity levels like \u003ccode\u003eMEDIUM\u003c/code\u003e, \u003ccode\u003eHIGH\u003c/code\u003e, or \u003ccode\u003eCRITICAL\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty, and a successful response includes a list of \u003ccode\u003evulnerabilityReports\u003c/code\u003e and a \u003ccode\u003enextPageToken\u003c/code\u003e for pagination, represented in JSON format.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization requires the OAuth scope \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e and the IAM permission \u003ccode\u003eosconfig.vulnerabilityReports.list\u003c/code\u003e on the parent resource.\u003c/p\u003e\n"]]],[],null,["# Method: projects.locations.instances.vulnerabilityReports.list\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Query parameters](#body.QUERY_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n - [JSON representation](#body.ListVulnerabilityReportsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [IAM Permissions](#body.aspect_1)\n- [Try it!](#try-it)\n\nList vulnerability reports for all VM instances in the specified zone.\n\n### HTTP request\n\n`GET https://osconfig.googleapis.com/v1/{parent=projects/*/locations/*/instances/*}/vulnerabilityReports`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Query parameters\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nA response message for listing vulnerability reports for all VM instances in the specified location.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\n### IAM Permissions\n\nRequires the following [IAM](https://cloud.google.com/iam/docs) permission on the `parent` resource:\n\n- `osconfig.vulnerabilityReports.list`\n\nFor more information, see the [IAM documentation](https://cloud.google.com/iam/docs)."]]
