Contents
Scanner
Scanner is a Kaspersky Container Security software component that scans objects in real time to assess their security and detect known vulnerabilities, malware, signs of sensitive data, and misconfigurations. The scanner lets you conduct security checks based on active security policies.
Kaspersky Container Security employs the following types of scanners:
- Vulnerability scanner based on the Common Vulnerabilities and Exposures (CVE) database
- File threat scanner within the File Threat Protection component
- Configuration file scanner
- Sensitive data (secrets) scanner
About object scanning
Kaspersky Container Security checks objects deployed in the solution during the scanning process.
The scanning process searches for and analyzes threats and security risks associated with objects in the solution. Object scans must be performed regularly to keep track of emerging security threats.
When scanning, Kaspersky Container Security identifies the following security threats:
- Vulnerabilities
- Malware.
- Misconfigurations
- Sensitive data
- Non-compliance with security policy requirements
Scanning process
The scanner receives scan jobs through the image handler. The image handler is a module deployed in the Kaspersky Container Security infrastructure that forwards scan jobs to the scanner and receives the scan results from the scanner.
When scan jobs are forwarded, the current status of the scanner is determined as one of the following:
- Free — the scanner is not processing objects and can accept a job from the image handler application if requested.
- Busy — the scanner is currently processing a scan job. A new job from the image handler application is put in the queue.
The scan job queue includes all forwarded scan jobs and is generated in the following cases:
- An image registry scan is manually started.
- An image registry scan is automatically started.
- A bulk scan of cluster objects is started.
Jobs in the scan queue receive the following statuses:
- Pending — status assigned by default when a job is created.
- In progress — the job is being processed by the image handler.
- Parsing results — the solution processes the job scanning results to display them in the interface.
- Error— scan job failed.
- Finished — the results of the scan job are available.
Scan jobs from the queue are submitted to the image handler in the order of their receipt. A job then goes to a scanner with Free status and is scanned for security issues. The scan results are sent back to the image handler. The job is considered completed and finished if scanning results are received. If a scan job was performed three or more times but received no results, the job is given the Error status.
When scanning many large objects, the solution may be slower to display scan results in the user interface. You may have to wait up to several minutes for the results to appear. During this time, the scan jobs are displayed in the Scanners section with the Parsing results status.
If you want to speed up the processing of scan results, you can allocate more resources to the job handler service by updating the variables in Helm Chart (for more details, see Scaling).
When an error occurs, the solution displays an error message that consists of a code and a text message (for example, HNDL-004: scan time out).
Error messages are displayed in English. Examples of messages and their meanings are listed in the table below.
Examples of possible error messages when running scan jobs
After scanning, the solution displays the scan results. If security threats are detected in an object, Kaspersky Container Security prompts you to perform one of the following actions:
- Delete the security threat.
- Accept the risk.