You can identify the available fixes and patches for known vulnerabilities in container images.

Each vulnerability is characterized by the following:

  • CVE code
  • List of impacted packages or libraries
  • Package version
  • Available fix or patch and version

Important: The Carbon Black Cloud console only identifies the available fixes or patches. To apply them, go to your Kubernetes environment.

Prerequisites

Become familiar with the Common Vulnerabilities and Exposures (CVE) list.

Procedure

  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Container Images.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Container Images.
  2. Click the Deployed Images tab.
  3. In the Fixes filter in the left pane, select Available Fixes.
    The table only displays images for which there are fixes. The Vulnerabilities/Fixes column indicates the number of fixes per vulnerability severity category inside associated color bars.
  4. To expand the Image Details panel, click the right arrow at the right of the row.
  5. To view a short description of the CVE code and the package where the vulnerability is identified, click the right arrow to the left of the CVE.

What to do next

Apply the fix or patch accordingly.