I am using GCR to host container images and using a native scanner to scan for vulnerabilities.
Is there a way I can export container registry vulnerabilities into CSV format from GUI/API?
I don't see anything at the GUI for export. Without the export feature, it's difficult to share findings to the team for the fix.
Yes it is possible to get the list(or occurence) of vulnerabilities using Container analysis API.
The code that is used to retrieve the list is here
The details of the usage of API and methods is in here(which i am assuming you would have gone through)
Based on the list you can export it to a flat file in GCS or Pub/Sub topic, for which you will have to write extra logic