Kaspersky Container Security

Risk handling

Threats identified by Kaspersky Container Security (vulnerabilities, malware, sensitive data, and misconfigurations) are subject to the Risk acceptance procedure. If you accept the risk of a threat, it will not be considered by assurance policies when determining image security status (Compliant/Non-compliant with security policies) during the specified acceptance period. Image scanning continues to detect the threat, but does not label the image as Non-compliant.

If you accept the risk of a vulnerability detected in an image, this risk is accepted for the specific image registry. If the risk is accepted for all vulnerabilities in an image, the image is deemed compliant with security policy requirements and is given Compliant status.

If you change the settings of the assurance policy applied to images, the image security status also changes.

The risk from a threat is accepted for a period of 30 days by default. You can extend the period during which the risk is considered accepted. You can also cancel risk acceptance at any time. If you cancel risk acceptance, the associated threat will again affect the security status of the image.

You can view the list of all accepted risks in the Policies → Risk acceptance section.

In this section

Risk acceptance

Viewing information about accepted risks

Cancelling risk acceptance


Risk acceptance

You can accept the risks found by the solution, subject to the following restrictions:

  • For vulnerabilities, configuration errors, and sensitive data, you can accept risks of any severity level.
  • For malware, you can accept risks only of the Medium, Low, and Negligible severity levels.

    You cannot accept malware risks of the High and Critical severity levels.

To accept the risk:

  1. In the image scanning results window, open the tab with information about the required type of detected threats.
  2. In the table, select a threat and click Accept or Accept risk in the action menu (depending on the selected tab) to start risk acceptance.
  3. In the window that opens, specify the risk acceptance parameters:
    • Select the extent of risk acceptance:
      • For the selected image with the detected risk;
      • For all images in the repository containing the image with the detected security threat;
      • For all images in which this security threat has been or will be detected.
    • If required, specify the period after which this security threat must be considered again when determining image security status.
    • Specify the reason for risk acceptance.
  4. Click the Accept button.

The selected threat does not affect the security status of this specific image, images in the repository, or all images for the defined number of days (or for an unlimited term).
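The scope and expiry rules described above, as an added illustrative model in Python (not code from Kaspersky Container Security or its documentation): the Threat and Acceptance classes, the image reference format, the sample identifiers and the assumption that the assurance policy flags every detected threat are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
# Constructed model of the documented behaviour, not the product's own code.

@dataclass(frozen=True)
class Threat:
    threat_id: str   # placeholder id, e.g. a CVE number or a detection name
    kind: str        # "vulnerability", "malware", "sensitive_data" or "misconfiguration"
    severity: str    # "Critical", "High", "Medium", "Low" or "Negligible"
    image: str       # assumed format "registry/repository:tag"

@dataclass
class Acceptance:
    threat_id: str
    scope: str                 # "image", "repository" or "all"
    image: str                 # image in which the risk was accepted
    accepted_at: datetime
    days: Optional[int] = 30   # default period; None means unlimited term
    cancelled: bool = False

    def covers(self, t: Threat, now: datetime) -> bool:
        if self.cancelled or t.threat_id != self.threat_id:
            return False
        if self.days is not None and now >= self.accepted_at + timedelta(days=self.days):
            return False       # period elapsed: the threat counts again
        if self.scope == "image":
            return t.image == self.image
        if self.scope == "repository":   # same registry/repository, any tag
            return t.image.rsplit(":", 1)[0] == self.image.rsplit(":", 1)[0]
        return self.scope == "all"

def can_accept(t: Threat) -> bool:
    """Malware risks are acceptable only at Medium, Low or Negligible severity."""
    return not (t.kind == "malware" and t.severity in {"High", "Critical"})

def image_status(image: str, threats, acceptances, now: datetime) -> str:
    """Compliant only if every threat in the image has a live acceptance (assumes the policy flags all threats)."""
    open_threats = [t for t in threats if t.image == image
                    and not any(a.covers(t, now) for a in acceptances)]
    return "Compliant" if not open_threats else "Non-compliant"

def demo() -> tuple:
    """Constructed scenario: a repository-scoped acceptance before and after its 30-day expiry."""
    now = datetime(2024, 1, 1)
    threats = [Threat("CVE-EXAMPLE-0001", "vulnerability", "High", f"reg/app:{tag}") for tag in ("1.0", "2.0")]
    acc = [Acceptance("CVE-EXAMPLE-0001", "repository", "reg/app:1.0", now)]
    return (image_status("reg/app:1.0", threats, acc, now),
            image_status("reg/app:2.0", threats, acc, now),
            image_status("reg/app:1.0", threats, acc, now + timedelta(days=30)))
```

Running demo() shows both tags in the repository as Compliant while the acceptance is live and the first image reverting to Non-compliant once the default 30-day period has elapsed.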

An accepted risk can be viewed in the Policies → Risk acceptance section.


Viewing information about accepted risks

The list of all accepted risks is displayed in the Policies → Risk acceptances section.

You can use the list to do the following:

  • Search by risk name, repository name, image, or resource where the risk is detected.
  • Filter the list by risk type and manufacturer fix availability.
  • Generate a Risk acceptance report by clicking the Create report button above the table.
  • Sort the list by date of acceptance, risk name, scope (applied to all images or just one image), and acceptance period. Sorting is performed using the sort icon.
  • View detailed information about risk acceptance and the associated threat. Click the risk name link to open the window with the related detailed information.

Use the buttons in the detailed information window to do the following:

  • Specify or extend the time period after which this security threat must be considered again when determining image security status.
  • Cancel risk acceptance.

You can also view information about an accepted risk in the list of detected threats in the image scanning results. The row of a threat whose risk has been accepted shows the time of risk acceptance. Click this link to open a window with detailed information about the risk acceptance and the associated threat.


Cancelling risk acceptance

To cancel risk acceptance:

  1. Open the window that shows detailed information about the risk acceptance and the associated threat. You can open it by clicking the risk name link in the list of accepted risks, or by clicking the acceptance time link in the row of the threat whose risk has been accepted, in the list of detected threats in the image scanning results.
  2. Click the Cancel risk acceptance button and confirm the action in the window that opens.

Cancelling risk acceptance means that the associated threat will again affect the security status of the image(s) for which the risk was accepted.
