Analyzing detected vulnerabilities

Kaspersky Container Security detects vulnerabilities through static analysis of registry images, image scans in the runtime and CI/CD objects. For analysis purposes, the full list of detected vulnerabilities is presented as a table in the Investigation → Vulnerabilities section.

The table lists the following for each detected vulnerability:

The Vulnerability column contains the ID of the vulnerability entry. By clicking on the identifier, you can open a page with detailed information about the vulnerability detected in the image.
The Severity column displays the severity level of the detected vulnerability and whether it has an exploit.
The Resource column contains the name of the resource where the vulnerability was detected.
The Vendor fix column shows whether a fix for the vulnerability is available from the vendor. The solution shows the version number that has the fix, or indicates that no fix is available.
The Artifacts column shows the number of artifacts (images in registries and the runtime environment, as well as CI/CD objects) that are scanned by Kaspersky Container Security.
The solution displays the number of unique images based on imagename:tag for the selected scope. When determining the number of artifacts, the following rules apply:
- If an image based on imagename:tag is part of the resources of a scope based on resources and clusters, then the image is counted once.
- If a user has access to resources of a scope based on clusters, but does not have access to resources based on registries in this scope, only the number of images in the runtime is counted.
- If you specify All in the scopes filter, the total number of artifacts for all scopes is displayed.
- CI/CD artifacts are only countable when working with the default scope.
The Workloads column shows the number of pods containing images with the vulnerability.

Using filters, you can select vulnerabilities to display in the table in the Investigation → Vulnerabilities section.

Page top