You can review the scan report for a container image and plan your next actions. The Image Scan Report presents complete information on all aspects of the image scan.

Procedure

  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Container Images.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Container Images.
  2. Click the Deployed Images tab.
  3. Click the name of an image in the Image Tag column to open the Image Scan Report. The Overview tab is opened by default.
    Figure: Overview tab of the Image Scan Report

    The General Information section lists basic container image data:

    • Image name
    • Registry
    • Repository
    • Image layers; the layers number links to the Layers tab of this report. See View a Container Image Scan Report - Layers.
    • Manifest digest
    • Repo digests
    • Operating system
    • Operating system version
    • Architecture
    • Size
    • Last scan date and time
    • User
    • Labels
    • Environmental variables
    • Command
    • Volumes
    • Entry point
    • Exposed port

    The Violations section displays a count of violations for Kubernetes hardening policy rules, including rules for container images. The number of violations is equal to the number of CVE codes.

    The Vulnerability Summary section displays a circular chart of discovered vulnerabilities. Hover over any section (low, medium, high, critical, or unknown) to view the number of vulnerabilities in that category. (These numbers are also displayed below the chart.)

    Figure: Vulnerability Summary section of the Overview tab in the Image Scan Report

    The Malware and Secret Detection section displays files that have a suspicious or malevolent reputation, and files that contain secrets.