Kaspersky Container Security

Checking images from registries

The Resources → Assets → Registries section contains a list of images scanned by Kaspersky Container Security and the image scan results. The list includes images from registries integrated with Kaspersky Container Security. You can add images to the list automatically or manually.

The list of images is empty until you configure integration with registries and settings for pulling and scanning images for the registry in the Administration section.

The list of images is displayed as a table in which the images are grouped by repository.

You can perform the following actions in the Resources → Assets → Registries section:

  • Search for images by name or checksum.

    A search is conducted only in the selected active image registry. If the sought image is absent from the selected registry but is part of a different registry, the search gives no results.

  • Filter the list to display images that match the specified criteria:
    • Images only from the specified registries;
    • Images that comply with or fail to comply with benchmarks;
    • Images scanned during a specified period of time;
    • Images for which the specified risks are identified.
  • Start rescanning of the specified images (the Rescan button is displayed above the table after you select one or more images).
  • Add images to the list and remove images from the list.
  • View detailed information about the image scanning results.

In this Help section

Adding and removing images

Viewing image scanning results from registries

Detailed information about detected vulnerabilities

Detailed information about detected malware

Scan statuses


Adding and removing images

Images from the registries integrated with Kaspersky Container Security can be added to the list of images automatically, in line with the configured settings for pulling and scanning images for each registry. You can also add images to the list of images from registries manually. New images are queued for scanning.

To manually add images to the list:

  1. In the Resources → Assets → Registries section, do one of the following:
    • Select a repository from the list, open the action menu located to the right of the repository name, and select Add images.
    • Click the Add images button above the table.
  2. Do one of the following:
    • If you add images from the selected repository, select the required image tags in the window that opens and click the Add images button.
    • If you add images using the Add images button above the table, in the window that opens, select a registry, a repository, one or more images and click the Add images button.

To optimize the load on image registries, a list of images in the connected registries is generated every 10 minutes. After a new image appears in the registry, its appearance in the Kaspersky Container Security interface may be delayed by the specified period.

To remove images from the list:

  1. In the Resources → Assets → Registries section, do one of the following:
    • Select one or more images that you want to remove from the list and start removal using the Delete link located above the table.
    • In the list, select the repository of images you want to delete, open the action menu on the row with the repository name, and select Delete repository.
  2. In the window that opens, confirm the action.

Viewing image scanning results from registries

Summary information about the scanning results for all images in the repository and each specific image is displayed in the list of images in the Resources → Assets → Registries section.

Click the image name link to open a page with detailed information on image scanning results.

The tabs at the top of the window contain the following information:

  • The Risk tab provides a summary of the scanning results. If threats are detected during scanning, recommended actions to protect the image are available at the bottom of the page. Click the Rescan image button to repeat scanning of the image.
  • The Vulnerabilities tab shows the vulnerabilities detected in the image. Clicking the link in the name of the vulnerability can open a detailed description of the vulnerability and find out if it has an .

    Kaspersky Container Security receives a description of vulnerabilities from the connected vulnerabilities database. The description is provided in the language of the vulnerabilities database. For example, a description of vulnerabilities from the NVD is displayed in English.
    The classification of vulnerabilities in the solution matches the classification used in the connected vulnerabilities database.

  • The Layers tab displays layers used in the image with the specification of identified vulnerabilities. Click the layer name link to open a detailed description of the identified vulnerabilities.
  • The Resources tab shows resources (components) with the specification of identified vulnerabilities. Click the resource name link to open a detailed description of the identified vulnerabilities.
  • The Malware tab lists malware detected in the image. Click the malware name link to open a detailed description.
  • The Sensitive data tab shows sensitive data (secrets) found in the image such as passwords, access keys, or tokens.
  • The Misconfigurations tab displays detected image misconfigurations that constitute a threat. Click the misconfiguration name link to open a detailed description.
  • The Information tab provides the basic information about the image and image history.
  • The Scan history tab presents the latest scan results for each version of the image. The results are updated if the same version of an image is scanned, or they are added in a separate row of the table if a different version of the image is scanned.

You can accept each identified risk.


Detailed information about detected vulnerabilities

You can view detailed information about a vulnerability detected in an image. To do this, in the window with the image scan results, select the Vulnerabilities tab and click the link with the vulnerability entry identifier. The identifier is given in CVE-YYYY-X... format, where:

  • CVE is a prefix that indicates that the vulnerability is included in the database of known vulnerabilities and security defects.
  • YYYY is the year when the vulnerability was reported.
  • X... is the number assigned to the vulnerability by authorized bodies.

A separate window displays the following information about the detected vulnerability:

  • Vulnerability entry identifier
  • Vulnerability severity level
  • Description of the vulnerability and a link to additional information
  • Installed resource
  • Vulnerability severity score based on the open standard in the , , and vulnerability databases, as well as the final consolidated vulnerability severity score.
  • You can accept the risk of the vulnerability by clicking the Accept button.
  • Information about the scan:
    • Image in which the vulnerability was detected
    • Operating system that was scanned
    • Date when the vulnerability was first detected
    • Date when the image was last scanned
    • Performed workloads


Detailed information about detected malware

If image scanning detects malware, the solution displays this on the page with information about the image scan results. To view detailed information about a detected malicious object, in the window with image scan results, select the Malware tab.

For each object, the solution generates the MD5 or SHA256 hash and indicates the path to the location where it was detected.

You can view detailed information about detected malicious objects in the cyberthreat databases created in Kaspersky OpenTIP and Kaspersky TIP. To do this, click the link to the Kaspersky OpenTIP and Kaspersky TIP resources.

A page with a threat description on the Kaspersky OpenTIP portal is publicly available. Users must enter their account credentials to access Kaspersky TIP.


Scan statuses

A scan conducted by Kaspersky Container Security results in the assignment of a status to the scanned object. The solution assigns one of the following statuses:

  • Ok. This status is assigned if no vulnerabilities, malware, sensitive data or misconfigurations are detected in the object.
  • Negligible. This vulnerability status is displayed if Kaspersky Container Security assigns it maximum severity status.
  • Low.
  • Medium.
  • High.
  • Critical. This status is assigned to an image if malware is detected during the scan.

The image is assigned the highest of all detected severity levels.

If vulnerabilities, sensitive data or misconfigurations are detected, they are assigned statuses that match those indicated in the security threat databases used for the scan (for example, NVD or VDB (DSTD)). These vulnerability and threat databases use special scoring scales to assess the severity of security threats. For example, the Common Vulnerability Scoring System (CVSS) is applied in the NVD.
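
The status rules above, together with the CVE-YYYY-X... identifier format, as an added example that is not Kaspersky Container Security code or its export format. The `Finding` record, its field names and the sample values are constructed for illustration, and treating the listed status order as ascending severity is an assumption.

```python
import re
from dataclasses import dataclass

# Status names from the page; treating this order as ascending is an assumption.
STATUS_ORDER = ["Ok", "Negligible", "Low", "Medium", "High", "Critical"]
RANK = {name: i for i, name in enumerate(STATUS_ORDER)}

# CVE-YYYY-X...: prefix, four-digit year, assigned number (four or more digits).
CVE_ID = re.compile(r"CVE-(\d{4})-(\d{4,})")


@dataclass
class Finding:              # hypothetical record, not a product data structure
    kind: str               # "vulnerability", "malware", "sensitive_data", "misconfiguration"
    ident: str              # e.g. a CVE identifier or a malware name
    severity: str = "Low"   # status taken from the vulnerability database


def parse_cve(ident):
    """Return (year, number) for a well-formed CVE identifier, else None."""
    m = CVE_ID.fullmatch(ident.strip().upper())
    return (int(m.group(1)), int(m.group(2))) if m else None


def image_status(findings):
    """Roll findings up to one image status: the highest severity detected."""
    status = "Ok"                       # nothing detected
    for f in findings:
        if f.kind == "malware":
            sev = "Critical"            # detected malware makes the image Critical
        elif f.severity in RANK:
            sev = f.severity
        else:
            raise ValueError(f"unknown severity {f.severity!r} for {f.ident}")
        if RANK[sev] > RANK[status]:
            status = sev
    return status


# Constructed sample findings for one image.
SAMPLE = [
    Finding("vulnerability", "CVE-2099-12345", "Medium"),
    Finding("misconfiguration", "root-user", "High"),
    Finding("sensitive_data", "aws-access-key", "Low"),
]

if __name__ == "__main__":
    print(image_status(SAMPLE))
    print(image_status(SAMPLE + [Finding("malware", "sample-trojan")]))
    print([parse_cve(f.ident) for f in SAMPLE if f.kind == "vulnerability"])
```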
