Kaspersky Container Security

Analyzing detected vulnerabilities

Kaspersky Container Security detects vulnerabilities through static analysis of registry images, image scans in the runtime and CI/CD objects. For analysis purposes, the full list of detected vulnerabilities is presented as a table in the Investigation → Vulnerabilities section.

The table lists the following for each detected vulnerability:

  • The Vulnerability column contains the ID of the vulnerability entry. By clicking on the identifier, you can open a page with detailed information about the vulnerability detected in the image.
  • The Severity column displays the severity level of the detected vulnerability and whether it has an exploit.
  • The Resource column contains the name of the resource where the vulnerability was detected.
  • The Vendor fix column shows whether a fix for the vulnerability is available from the vendor. The solution shows the version number that has the fix, or indicates that no fix is available.
  • The Artifacts column shows the number of artifacts (images in registries and the runtime environment, as well as CI/CD objects) that are scanned by Kaspersky Container Security.

    The solution displays the number of unique images based on imagename:tag for the selected scope. When determining the number of artifacts, the following rules apply:

    • If an image based on imagename:tag is part of the resources of a scope based on resources and clusters, then the image is counted once.
    • If a user has access to resources of a scope based on clusters, but does not have access to resources based on registries in this scope, only the number of images in the runtime is counted.
    • If you specify All in the scopes filter, the total number of artifacts for all scopes is displayed.
    • CI/CD artifacts are only countable when working with the default scope.
  • The Workloads column shows the number of pods containing images with the vulnerability.

Using filters, you can select vulnerabilities to display in the table in the Investigation → Vulnerabilities section.


Selecting vulnerabilities to display

To use the filter buttons located above the table to select vulnerabilities to display in the table:

  1. Click the filter buttons with the values you want to display. Vulnerabilities can be selected based on the following criteria:
    • Vulnerabilities by detection location:
      • Image in registries.
      • Image deployed in a runtime.
      • CI/CD object.
    • Vulnerabilities by severity level:
      • Negligible.
      • Low.
      • Medium.
      • High.
      • Critical.

    By default, all detection locations and vulnerability severity levels are selected.

  2. If necessary, use the Disabled / Enabled switch to enable or disable the display of only vulnerabilities with available exploits. By default, the switch is set to Disabled.
  3. If necessary, enter a vulnerability ID or resource name in the search field.

To use a filter to select vulnerabilities to display in the table:

  1. Click the filter icon above the table with the list of vulnerabilities.
  2. In the opened sidebar, use the Disabled / Enabled toggle switch to enable or disable the display of only vulnerabilities with available exploits. By default, the switch is set to Disabled.
  3. To determine the severity level, select one of the following options: Severity level or Score, and then do the following:
    • If you select Severity level, select the buttons with the values that you want to display. You can select the following display values:
      • Negligible.
      • Low.
      • Medium.
      • High.
      • Critical.

      By default, all vulnerability severity levels are selected.

    • If you select Score, use the slider to define the vulnerability score. Values from 0 to 10 are available. The solution will display vulnerabilities that match the specified vulnerability score.
  4. For the Vendor fix setting, specify whether a fix is available from the vendor: All, Available or Not available. The default value is All.
  5. For the Risk acceptance setting, specify whether the selected vulnerability has been accepted in the specified resource: All, Accepted, or Not accepted. The default value is All.
  6. For the Location details setting, specify the location where the vulnerability was detected:
    • Image in registries.
    • Image deployed in a runtime.
    • CI/CD object.

    By default, all detection locations are selected.


Restrictions related to scopes

The access to the list of detected vulnerabilities is given by scopes assigned to the user as follows.

  • If a user is assigned the default scope, the user has access to all information about the detected vulnerabilities, including CI/CD objects.
  • If the scope assigned to a user entails access to resources based on registries, the user is shown vulnerabilities for which the value of the Workloads column is 0.
  • If the scope assigned to a user entails access to resources based on clusters, the user is shown vulnerabilities for which the value of the Workloads column is greater than 0.
  • If the scope assigned to a user entails access to resources based on registries and clusters, the user is shown vulnerabilities for which the value of the Workloads column is greater than or equal to 0.
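The artifact-counting rules from the Artifacts column description and the scope-visibility rules above, modelled together as an added Python example (constructed here, not Kaspersky Container Security code; the Artifact, Scope and Vulnerability types, the field names and the sample images are assumptions):

```python
from dataclasses import dataclass

# Constructed model of the rules described on this page; not product code.

@dataclass(frozen=True)
class Artifact:
    image: str          # imagename:tag
    source: str         # "registry", "runtime" or "cicd"
    workloads: int = 0  # pods running this image (runtime artifacts only)

@dataclass(frozen=True)
class Scope:
    default: bool = False     # the default scope: everything, incl. CI/CD
    registries: bool = False  # scope grants access to registry-based resources
    clusters: bool = False    # scope grants access to cluster-based resources

@dataclass
class Vulnerability:
    vuln_id: str
    artifacts: list

def workloads(vuln):
    """Value of the Workloads column: pods containing images with the vulnerability."""
    return sum(a.workloads for a in vuln.artifacts if a.source == "runtime")

def artifact_count(vuln, scope):
    """Value of the Artifacts column: unique imagename:tag values under the scope."""
    names = set()
    for a in vuln.artifacts:
        if a.source == "cicd" and not scope.default:
            continue  # CI/CD artifacts are only counted under the default scope
        if a.source == "registry" and not (scope.default or scope.registries):
            continue  # clusters-only scope: only images in the runtime are counted
        names.add(a.image)  # same imagename:tag in registry and runtime counts once
    return len(names)

def visible(vuln, scope):
    """Whether the vulnerability is shown to a user with the given scope."""
    w = workloads(vuln)
    if scope.default:
        return True
    if scope.registries and scope.clusters:
        return w >= 0
    if scope.registries:
        return w == 0
    if scope.clusters:
        return w > 0
    return False  # no resources in scope, nothing is shown

# Sample data (constructed): one image seen in a registry, in the runtime and in CI/CD.
V_APP = Vulnerability("VULN-EXAMPLE-1", [Artifact("app:1.0", "registry"),
                                          Artifact("app:1.0", "runtime", 3),
                                          Artifact("app:1.0-ci", "cicd")])
V_DB = Vulnerability("VULN-EXAMPLE-2", [Artifact("db:2.1", "registry")])
```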
