To view layers in a container image scan report, perform the following procedure.

Procedure

  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Container Images.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Container Images.
  2. Click the Deployed Images tab.
  3. Click the name of an image in the Image Tag column.
  4. Click the Layers tab.
  5. You can search for a specific layer. You can also limit the layer table results to only those layers that have vulnerabilities: deselect the check box for Show layers with no vulnerabilities.
    Layers tab of the Image Scan Report

    The Layers tab shows the following information:

    • Layer name
    • A secret or malware tag, if applicable
    • Number of packages in the layer
    • Vulnerabilities and applicable fixes
    • Layer size
  6. For more details about a layer, click the arrow Arrow icon icon at the right of the layer row.

    Image Details panel in the Image Scan Report

    In the Layer Details panel, you can:

    • Copy the command that was used to create the image layer from the Layer field.
    • View the layer's unique identifier in the Layer digest field.
    • View malware.
    • Show all vulnerabilities in this layer. Click Show all in the Vulnerabilities section to be directed to the Vulnerabilities tab. See View a Container Image Scan Report - Vulnerabilities.
    • View a vulnerability summary. Click the carat Carat icon icon at the left of the CVE.

      CVE summary on the Layers tab of the Image Scan Report

    • View secrets.
    • Show all packages in this layer. Click Show all in the Packages section to be directed to the Packages tab. See View a Container Image Scan Report - Packages.