Find out which clusters host containers with vulnerabilities detected by Runtime Scanning.
Note: Runtime Vulnerability Scanning does not support the deprecated
Docker Image Format v1. Use Docker Image Format v2 and OCI compliant container
images.
Runtime Scanning can detect vulnerabilities in your existing clusters. Once a vulnerability
is detected on a container, the detection displays. Switch between the Kubernetes and Amazon ECS tabs to view the desired results.
Note: Runtime vulnerability scan results are retained for 30 days. After 30 days, the scan
results are deleted.
Fix availability status
Vulnerabilities can have one of the following statuses, depending on their state.
If a vulnerability is already fixed, the fix version is displayed instead.

| Fix availability | Description |
|---|---|
| Fixed (displayed as the fixed version) | A newer version of the component is available with a fix for this vulnerability. Upgrading to any of the listed versions fixes the vulnerability. |
| Not fixed | There is currently no available version of the component to address the vulnerability. |
| Unknown | Not enough information is currently available to determine a fix version for this component. |
| Won't fix | This vulnerability is not fixed and there are no plans to create a fix for this component. |

The following table outlines the actions available in the Vulnerabilities tab.

| Action | Description |
|---|---|
| Filter the displayed data | Use the Filter by and Severity drop-downs to locate specific vulnerabilities in the list. |
| Locate the affected clusters | Click the Cluster link to redirect and locate the cluster in Container Security. |
| Export a list of vulnerabilities | Click the Export button to create and download a .CSV file listing all the vulnerabilities on the page. |
| View CVE information | Select a detection in the list and click the CVE link under the table to view more information about the CVE in the National Vulnerability Database. |
