Tanzu Salt includes a vulnerability remediation solution that allows Security and IT teams to work together to assess the vulnerability status of your systems against the latest security advisories, including those that reference Common Vulnerabilities and Exposures (CVE).
After scanning and detecting advisories, Tanzu Salt can remediate any advisory that has an available repair package. You can optionally exempt certain advisories or assets to customize your vulnerability management strategy around other existing security controls.
Tanzu Salt also supports importing security scans from third-party vendors, and remediating those advisories on impacted assets if a remediation is available. This currently includes imported scans from Tenable, Rapid7, Qualys, and Kenna Security, with a built-in API connector for importing from Tenable.io.
Tanzu Salt provides various vulnerability reporting options, including a quick, printable dashboard view to help assess your vulnerability trend over time.
Following a scan, you can access a downloadable list of all detected vulnerabilities, along with their corresponding advisory name, severity, vulnerability score, and affected assets. As an Automation Config add-on, Tanzu Salt goes beyond assessment and takes advantage of Salt to actively remediate vulnerabilities while also giving you full control over when and what to remediate.
Using the vulnerability library
Tanzu Salt uses an automated process to search for the latest security advisories along with the software packages or versions to fix nodes that are impacted by those vulnerabilities. This content is built and updated continuously in the vulnerability library.
How do I create a vulnerability policy
To begin using Tanzu Salt vulnerability, first create your security policy. In your policy, add the minions you want to target in an assessment and determine the assessment’s run schedule.
How do I run a vulnerability assessment
After you’ve created a policy, you can run an assessment that scans the targeted assets against the latest advisories.
Use Case: How do I import a third-party security scan as an alternative to running an assessment
As an alternative to running an assessment on a vulnerability policy, Tanzu Salt supports importing security scans generated by a variety of third-party vendors.
After completing an initial assessment, you can then remediate the advisories that were detected in the assessment.