For {project}, either project-number or project-id can be provided.
Query parameters
Parameters
pageSize
integer
The maximum number of results to return.
pageToken
string
A pagination token returned from a previous call to vulnerabilityReports.list that indicates where this listing should continue from.
filter
string
This field supports filtering by the severity level for the vulnerability. For a list of severity levels, see Severity levels for vulnerabilities.
The filter field follows the rules described in the AIP-160 guidelines as follows:
Filter for a specific severity type: you can list reports that contain vulnerabilities that are classified as medium by specifying vulnerabilities.details.severity:MEDIUM.
Filter for a range of severities : you can list reports that have vulnerabilities that are classified as critical or high by specifying vulnerabilities.details.severity:HIGH OR
vulnerabilities.details.severity:CRITICAL
Request body
The request body must be empty.
Response body
A response message for listing vulnerability reports for all VM instances in the specified location.
If successful, the response body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["\u003cp\u003eThis endpoint allows users to list vulnerability reports for all VM instances within a specified zone using a \u003ccode\u003eGET\u003c/code\u003e HTTP request.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a \u003ccode\u003eparent\u003c/code\u003e path parameter to specify the project, location, and instances for which to retrieve reports, and supports optional query parameters like \u003ccode\u003epageSize\u003c/code\u003e, \u003ccode\u003epageToken\u003c/code\u003e, and \u003ccode\u003efilter\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe filter parameter can be used to list vulnerability reports by specific severity type or by a range of severity, allowing you to view vulnerabilities that are classified as medium, or critical and high for example.\u003c/p\u003e\n"],["\u003cp\u003eThe response will include a list of \u003ccode\u003evulnerabilityReports\u003c/code\u003e and a \u003ccode\u003enextPageToken\u003c/code\u003e for pagination when there are more reports to be shown.\u003c/p\u003e\n"],["\u003cp\u003eTo utilize this functionality, users must have the \u003ccode\u003eosconfig.vulnerabilityReports.list\u003c/code\u003e IAM permission and the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,[]]