Aqua produces image scanning reports, aggregating results from Vulnerability Scanning, and Dynamic Threat Analysis. The reports are detailed and can be used to assess the security posture of your container images.


TABLE OF CONTENTS


Accessing Image Reports

Image reports can be accessed from the Images page under Aqua Image Scanning

By default, the image reports are listed ordered by the image name and can be ordered and/or filtered by a number of fields, including aqua group, score, compliance indicator, and more.


Overview Tab

When selecting an image report, an overview tab is displayed. The overview tab provides at-a-glance information about the scanned image.


The overview tab is divided into three sections, each providing a different insight about the image:

  • Compliance Status
  • Security Findings
  • Image Metadata

Compliance Status

The compliance status section provides a high level "Compliant" or "Non-compliant" statement about the image. 

The compliance assessment is customizable and depends on the configuration of the Assurance Policies. One or more Assurance Policies might be applicable for an image and this section displays the aggregated summary of all applicable policies. The section includes the following information. 

  • The overall compliance status: Compliant or Non-Compliant. 
  • A list of applicable Assurance Policies used for the compliance assessment. 
  • A list of assurance controls used in the evaluation and status of "passed" or "failed" for each. 

Security Findings

This section provides a high-level visualization of findings from the Vulnerability Scanning and Dynamic Threat Accessesment. This section includes the following information.

Image Metadata

This section presents general information about the image, often including its registry name, repository name, label, and its date of creation.

Keep Reading