You can create an exception for a vulnerability in an image. Kubernetes hardening policies skip a vulnerability that has an exception for that image.

An image can have many vulnerabilities. If you consider that some of them do not pose a risk to your environment, you can enable an exception for those vulnerabilities for a specific image only.

Procedure

  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Container Images.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Container Images.
  2. Click the Deployed Images tab.
  3. Click the name of an image in the Image Tag column to open the Image Scan Report.
  4. Click the Vulnerabilities tab.
  5. In the Exception column, toggle ON to enable the exception. Any Kubernetes hardening policy capturing this vulnerability for this image will not restrict further action.
  6. Click Add Note (or, if there is already a note for this vulnerability, click the Edit (pencil) icon to edit it). Enter the reason for the exclusion and click Save. This is an optional but recommended step.

Results

The rule validation for a Kubernetes hardening policy with container image rules skips the images that have exceptions.