To view vulnerabilities in a container image scan report, perform the following procedure.
Procedure
- On the left navigation pane, do one of the following depending on your system configuration and role:
- If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Container Images.
- If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Container Images.
- Click the Deployed Images tab.
- Click the name of an image in the Image Tag column to open the Image Scan Report.
- Click the Vulnerabilities tab.
You can filter the list of vulnerabilities by severity, available fixes, type, and layer. For example, you can show only those vulnerabilities that have a high severity, have an available fix, and belong to the deb package type.
- Perform your search or view all vulnerabilities. The resulting list of vulnerabilities contains the following fields:
- Severity level. A container image can have many vulnerabilities, each with its own risk score. The score maps each vulnerability to one of four severity levels (critical, high, medium, or low), and you can filter on that level. See Severity Scoring.
- Vulnerability. You can click any CVE tag to see more details. See View a Container Image Scan Report - Vulnerability Details.
- Type. You can filter vulnerabilities by package type; for example, dpkg packages on Debian Linux.
- Package / Library
- Version
- Available fix. If a fix is available, the package and the version that contains the fix are shown.
- Exception toggle. See Allow an Exception for a Vulnerability.
- Note. Click Add Note to record a note about this vulnerability; for example, if you allow an exception for it, it is useful to record the reason for the exception.
- To export the vulnerability data into a CSV file, click Export.
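The same triage that the Vulnerabilities tab filters perform in the console can be applied to the exported CSV, which is useful when you need to feed the result into a ticketing system or compare reports over time. The following script is an added example and is not part of the Carbon Black Cloud product or its documentation. It assumes that the export carries the columns listed above under the header names Severity, Vulnerability, Type, Package, Version, Available Fix, Exception, and Note; the sample export embedded in the script is constructed, with placeholder CVE identifiers and versions, so confirm the real header names against an actual export before using it.

```python
import csv
import io
from collections import defaultdict

# Rank of the four severity levels shown in the report (lower is worse).
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample export. Column names are an ASSUMPTION for this example;
# CVE identifiers and package versions are placeholders, not real findings.
SAMPLE_CSV = """Severity,Vulnerability,Type,Package,Version,Available Fix,Exception,Note
critical,CVE-0000-00001,deb,openssl,1.0.0,1.0.1,No,
high,CVE-0000-00002,deb,libcurl4,1.1.0,1.1.1,No,
high,CVE-0000-00003,python,requests,2.0.0,,No,
medium,CVE-0000-00004,deb,zlib1g,1.2.0,1.2.1,Yes,Exception: package not reachable at runtime
low,CVE-0000-00005,deb,libc6,2.0.0,,No,
"""


def load_report(csv_text):
    """Parse an exported report into a list of dict rows, normalising severity case."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        row["Severity"] = row["Severity"].strip().lower()
    return rows


def filter_vulns(rows, max_severity="high", fixable_only=True,
                 pkg_type=None, include_excepted=False):
    """Reproduce the console filters offline.

    max_severity     : keep rows at this level or worse ("high" keeps critical+high)
    fixable_only     : keep only rows where the Available Fix column is non-empty
    pkg_type         : keep only this package type (e.g. "deb"); None keeps all
    include_excepted : by default rows with an allowed exception are dropped,
                       since they have already been risk-accepted
    """
    threshold = SEVERITY_ORDER[max_severity]
    selected = []
    for row in rows:
        if SEVERITY_ORDER.get(row["Severity"], 99) > threshold:
            continue
        if fixable_only and not row["Available Fix"].strip():
            continue
        if pkg_type and row["Type"].strip() != pkg_type:
            continue
        if not include_excepted and row["Exception"].strip().lower() == "yes":
            continue
        selected.append(row)
    # Worst severity first, then by package name for a stable, readable list.
    selected.sort(key=lambda r: (SEVERITY_ORDER[r["Severity"]], r["Package"]))
    return selected


def upgrade_plan(rows):
    """Map each package to the sorted list of fix versions the report names for it.

    Several CVEs often resolve to the same fixed package version, so this is the
    list an operator actually acts on when rebuilding the image.
    """
    plan = defaultdict(set)
    for row in rows:
        fix = row["Available Fix"].strip()
        if fix:
            plan[row["Package"]].add(fix)
    return {pkg: sorted(fixes) for pkg, fixes in sorted(plan.items())}


if __name__ == "__main__":
    report = load_report(SAMPLE_CSV)
    actionable = filter_vulns(report)  # critical/high, fixable, not excepted
    for row in actionable:
        print(f'{row["Severity"]:8} {row["Vulnerability"]:15} '
              f'{row["Package"]} {row["Version"]} -> {row["Available Fix"]}')
    print(upgrade_plan(actionable))
```

The defaults deliberately hide rows that already carry an allowed exception, so that the output is the list of findings still waiting for action; pass include_excepted=True when you want to audit the exceptions themselves alongside the reason recorded in the Note column.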