For {project}, either project-number or project-id can be provided.
Query parameters
Parameters
pageSize
integer
The maximum number of results to return.
pageToken
string
A pagination token returned from a previous call to vulnerabilityReports.list that indicates where this listing should continue from.
filter
string
This field supports filtering by the severity level for the vulnerability. For a list of severity levels, see Severity levels for vulnerabilities.
The filter field follows the rules described in the AIP-160 guidelines as follows:
Filter for a specific severity type: you can list reports that contain vulnerabilities that are classified as medium by specifying vulnerabilities.details.severity:MEDIUM.
Filter for a range of severities : you can list reports that have vulnerabilities that are classified as critical or high by specifying vulnerabilities.details.severity:HIGH OR
vulnerabilities.details.severity:CRITICAL
Request body
The request body must be empty.
Response body
A response message for listing vulnerability reports for all VM instances in the specified location.
If successful, the response body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["This endpoint allows users to list vulnerability reports for all VM instances within a specified zone using a `GET` HTTP request."],["The request requires a `parent` path parameter to specify the project, location, and instances for which to retrieve reports, and supports optional query parameters like `pageSize`, `pageToken`, and `filter`."],["The filter parameter can be used to list vulnerability reports by specific severity type or by a range of severity, allowing you to view vulnerabilities that are classified as medium, or critical and high for example."],["The response will include a list of `vulnerabilityReports` and a `nextPageToken` for pagination when there are more reports to be shown."],["To utilize this functionality, users must have the `osconfig.vulnerabilityReports.list` IAM permission and the `https://www.googleapis.com/auth/cloud-platform` OAuth scope."]]],[]]
