Detailed information about detected vulnerabilities
The list of vulnerabilities detected during image scans is presented as a table on the Vulnerabilities tab in the image scan results window. For each vulnerability, the following information is provided:
- Vulnerability entry identifier. The identifier is given in the CVE-YYYY-X... format, where:
- CVE is a prefix that indicates that the vulnerability is included in the database of known vulnerabilities and security defects.
- YYYY is the year when the vulnerability was reported.
- X... is the number assigned to the vulnerability by authorized bodies.
- The vulnerability's severity level based on its risk rating.
If an exploit exists for the vulnerability, an exploit icon is displayed next to the severity level.
- Installed containerized resource in which the vulnerability was detected.
- Whether a fix for the vulnerability is available from the vendor. The solution shows the version number that has the fix, or indicates that no fix is available.
You can accept the risk of the vulnerability by clicking the Accept button in the Risk acceptance column.
To accept risks, risk management rights are required.
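The table fields described above (identifier, severity, exploit icon, fix availability, risk acceptance) are what a practitioner typically sorts by when deciding what to remediate first. The following added example is not part of the product or this page; it validates the CVE-YYYY-X... identifier format and orders constructed sample findings for remediation. The severity labels, the rule that the sequence number has at least four digits, and the sample rows are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# CVE-<year>-<sequence number>; the "at least four digits" rule is an
# assumption taken from the CVE numbering scheme, not from this page.
CVE_ID_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Assumed severity labels, highest first.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Negligible": 0}


@dataclass
class Finding:
    cve_id: str                 # vulnerability entry identifier
    severity: str               # severity level based on risk rating
    has_exploit: bool           # an exploit icon is shown next to the severity
    resource: str               # installed containerized resource
    fixed_in: Optional[str]     # version containing the fix, or None if no fix
    risk_accepted: bool = False # risk accepted via the Accept button


def parse_cve_id(cve_id: str) -> Optional[Tuple[int, int]]:
    """Return (year, sequence number) for a well-formed id, else None."""
    m = CVE_ID_RE.match(cve_id)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def triage_order(findings: List[Finding]) -> List[Finding]:
    """Order findings: unaccepted risks first, then those with an exploit,
    then by severity, then those with a vendor fix available, then by id."""
    def key(f: Finding):
        return (f.risk_accepted, not f.has_exploit,
                -SEVERITY_RANK.get(f.severity, -1), f.fixed_in is None, f.cve_id)
    return sorted(findings, key=key)


# Constructed sample rows for illustration only; not real scan results.
SAMPLE = [
    Finding("CVE-2022-5678", "Critical", False, "zlib 1.2.11", None),
    Finding("CVE-2021-9999", "Low", True, "bash 5.1.4", "5.1.8", risk_accepted=True),
    Finding("CVE-2024-0001", "Medium", False, "curl 7.88.0", "7.88.1"),
    Finding("CVE-2023-1234", "High", True, "openssl 3.0.1", "3.0.2"),
]

if __name__ == "__main__":
    for f in triage_order(SAMPLE):
        print(f.cve_id, f.severity, "exploit" if f.has_exploit else "-", f.fixed_in or "no fix")
```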
To view detailed information about a detected vulnerability:
- Click the link with the vulnerability record ID in one of the following sections:
- On the Vulnerabilities tab in the image scan results window.
- In the Vulnerabilities block on the dashboard.
- In the table with the complete list of vulnerabilities in the Investigation → Vulnerabilities section.
- This opens the sidebar with the following information about the detected vulnerability:
- Vulnerability entry identifier
- Description of the vulnerability from the vulnerability database. The description is provided in the language of the vulnerabilities database. For example, descriptions of vulnerabilities from the NVD are displayed in English.
- The General information tab displays the following:
- The vulnerability's severity level based on its risk rating.
- Installed resource in which the vulnerability was detected.
- Vulnerability severity score based on the open standard in the , , and vulnerability databases, as well as the final consolidated vulnerability severity score.
- The Artifacts tab displays detailed information on artifacts for images from registries and the runtime or CI/CD objects and indicates how many artifacts there are.
The block for an image from a registry or runtime shows the following information:
- Image object type and the name of the image. If autoprofiles were created based on the checksum of this image, an autoprofile icon appears next to the image name.
By clicking on the image name, you can go to a page containing detailed information about the image scan results.
To view detailed information, you need the rights to view the image scan results.
- Operating system of the image.
- Compliance status of the image: Compliant or Not-compliant.
- Risk rating.
- Date and time of the last image scan.
- Date and time when the vulnerability was first detected in the image.
The block for an object from the CI/CD pipeline shows the following information:
- Object type, which corresponds to the artifact type, and the object name.
By clicking the name of an artifact, you can go to a page containing detailed information about the results of scanning objects at the project building stage.
To view detailed information, you need the rights to view the results of scanning objects in CI/CD processes.
- Operating system in which the object was scanned.
- Compliance status of the image: Compliant or Not-compliant.
- Risk rating.
- Date and time of the last object scan.
- Date and time when the vulnerability was first detected in the object.
- Timestamp for scanning the object in a CI/CD process.
- The Workloads tab displays a list of the pods containing images with the vulnerability and how many of them there are. For each object, the following information is provided:
- Name of the cluster containing the pod in whose image or images the vulnerability was detected.
- Name of the namespace containing the pod in whose image the vulnerability was detected.
If you click the namespace name, the solution will open the namespace's side panel from the graph.
- Name of the pod in whose image the vulnerability was detected.
If you click the pod name, the solution will open the pod's side panel from the graph.
- The Risk acceptance tab displays the following information:
- Risk acceptance date.
- Risk acceptance period.
- Subset.
- Person who initiated risk acceptance.
- Reason for risk acceptance.
The Risk acceptance tab is available if you have rights to view accepted risks.
For each accepted risk, you can do the following:
- Click the duration icon to set the duration of the risk acceptance.
- Click the cancel icon to cancel the risk acceptance.
This tab also lets you use the Add risk acceptance button to add a risk acceptance for the vulnerability.
The "Manage risks" rights are required to edit the risk acceptance settings.