Overview

This topic describes the information shown on the Vulnerabilities page and the two display modes in which it is presented. Navigate to Security Reports > Vulnerabilities to open the list of vulnerabilities. From this page you can:

  • View the list of all (or selected) vulnerabilities that Aqua found while scanning your images
  • Access summary and detailed information on the status of each vulnerability
  • Perform operations related to:
    • Reactive risk management
    • Acknowledging or unacknowledging a vulnerability, or changing the expiration of an existing acknowledgement

Display modes

Once you navigate to the Vulnerabilities page, you can see the list of vulnerabilities found during image scanning, in two different modes as shown below:

  • Risk-based Insights
  • All Vulnerabilities

You can see the vulnerabilities in two different pages with Risk-based Insights being the default page. You can navigate between these two pages as required. The display mode affects only the vulnerabilities that are listed and the order of the listing. Everything else, namely the contents of each vulnerability and the actions that you can take, is the same in both modes.

Risk-based Insights

Risk-based Insights is the default page after you navigate to the Vulnerabilities page. This view is designed to help you focus on the vulnerabilities that are most important and urgent to manage.

The predefined risk categories are based on several factors, including whether an exploit is available for a vulnerability and whether the vulnerability has a CVSS "network" attack vector.


Risk categories

Vulnerabilities on the Risk-based Insights page are divided into 5 risk categories. The categories are shown at the top of the page, in increasing order of importance and urgency. Select a category to list the vulnerabilities that belong to it. The predefined risk categories are:


Risk category           Includes all vulnerabilities...
Medium to Critical      Of medium, high, or critical severity
Network Attack Vector   With a CVSS "network" attack vector; refer to Common Vulnerability Scoring System version 3.1: Specification Document > "2.1.1. Attack Vector (AV)"
Available Exploit       With at least one exploit that is available (in the wild)
Remote Exploit          With at least one remote exploit



Notes:

- The risk categories are not mutually exclusive: a vulnerability might appear in more than one category.
- Some vulnerabilities might not appear in any category.


Vulnerability counts

The top left of the page shows the total number of unique vulnerabilities that appear in at least one of the risk categories. The number of vulnerabilities is also shown for each individual risk category at the category name. Large numbers might be represented approximately (example: "1.9 K").


Notes:

- The total number is not necessarily the sum of the counts by category, since a vulnerability might appear in more than one category.
- When there are more than 5000 vulnerabilities, Aqua computes and caches their counts every 30 minutes (for efficiency) but the UI might not show up-to-date information. You can click the refresh icon in the upper right of the screen to have Aqua compute again and display the vulnerability counts.

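The two notes above (overlapping categories, and a unique total that is not the sum of the per-category counts) can be made concrete with the following added example. It is illustrative code written for this page, not Aqua's implementation: the record fields, the category predicates and the sample IDs are assumptions, and the "1.9 K" formatting mirrors the approximate display described below.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Vuln:
    """Constructed vulnerability record; field names are assumptions, not Aqua's schema."""
    vuln_id: str
    severity: str          # "low", "medium", "high" or "critical"
    attack_vector: str     # CVSS v3.1 AV: "network", "adjacent", "local" or "physical"
    exploit_available: bool
    remote_exploit: bool


# The four predefined categories named on the page, as membership predicates.
CATEGORIES = {
    "Medium to Critical": lambda v: v.severity in ("medium", "high", "critical"),
    "Network Attack Vector": lambda v: v.attack_vector == "network",
    "Available Exploit": lambda v: v.exploit_available,
    "Remote Exploit": lambda v: v.remote_exploit,
}


def categorize(vulns: List[Vuln]) -> Dict[str, Set[str]]:
    """Map each risk category to the set of vulnerability IDs it contains."""
    return {name: {v.vuln_id for v in vulns if pred(v)} for name, pred in CATEGORIES.items()}


def unique_total(by_category: Dict[str, Set[str]]) -> int:
    """Count IDs that appear in at least one category: the union, not the sum."""
    return len(set().union(*by_category.values()))


def approx_count(n: int) -> str:
    """Display large counts approximately, e.g. 1900 -> '1.9 K'."""
    return f"{n / 1000:.1f} K" if n >= 1000 else str(n)


# Constructed sample data; the IDs are placeholders, not real CVE identifiers.
SAMPLE = [
    Vuln("VULN-A", "critical", "network", True, True),    # in all four categories
    Vuln("VULN-B", "high", "local", False, False),
    Vuln("VULN-C", "low", "network", False, False),
    Vuln("VULN-D", "medium", "adjacent", True, False),
    Vuln("VULN-E", "low", "physical", False, False),      # in no category at all
]

if __name__ == "__main__":
    cats = categorize(SAMPLE)
    for name, ids in cats.items():
        print(f"{name}: {approx_count(len(ids))}")
    print("sum of category counts:", sum(len(ids) for ids in cats.values()))
    print("unique total:", unique_total(cats))
```

On the sample, the per-category counts sum to 8 while only 4 unique vulnerabilities appear in any category, and VULN-E is counted nowhere.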

Example

In the screenshot shown below, the lowest risk category (Medium to Critical) is selected. Although only 50 vulnerabilities are shown on the page (per the page selector at the bottom), there are, in this example, approximately 164 vulnerabilities in this category.


When the same set of vulnerabilities is filtered by the Network Attack Vector or Available Exploit category, the number of vulnerabilities is comparatively low. It might be a good idea to focus on mitigating these vulnerabilities first, as they could indicate a clear and present danger:



All Vulnerabilities

You can navigate to the All Vulnerabilities page by clicking the All Vulnerabilities > button at the top right of the page. The button label will change to < Risk-based Insights to enable navigation to that mode.


This page lists all of the vulnerability instances found in all images during scanning.



On this page, the Vulnerability Details filter criteria consist of the following four filters:

  • Vulnerability ID or Resource
  • Severity (dropdown)
  • Exploit Availability (dropdown): Available/Not Available
  • Exploit Type (dropdown)


Clicking the Expand button exposes three additional rows of filter criteria, each with its own filters, as listed below:

  • Environment Details:
    • Registry (dropdown)
    • Image Name
  • Solution Details:
    • Vendor Fix (dropdown): Yes/No
    • Acknowledgement Status (dropdown): Yes/No
  • More Filters: Score: Select vulnerability score from the bar


Example

The following screenshot shows the list of vulnerabilities filtered by the following criteria:

  • Vulnerability severity: Critical
  • Registry (in which the vulnerable images were found): Docker Hub
  • Vendor Fix: Yes


In total, 42 vulnerabilities in the Aqua platform match this composite filter.