This topic explains how can you export vulnerabilities that are found while scanning images, from the Security Reports > Vulnerabilities page. From the Vulnerabilities page, you can export two types of information on vulnerabilities:

  • A CSV-formatted file having all vulnerabilities displayed
  • A report on the most recently (Weekly) discovered vulnerabilities (Applicable plan: Advanced)

You can also display the information that the Aqua CyberCenter maintains for a specific vulnerability.

Export vulnerabilities to a CSV-formatted file

You can export information on all the image vulnerabilities from the Vulnerabilities page, to a CSV-formatted file. The exported information takes the list filtering into account at the time of export. The file contains a header row that describes the contents of the file, followed by one row for each vulnerability instance. There may be multiple vulnerability instances for a unique vulnerability. 

Note: If you use either Aqua Advanced or Enterprise plan, You can export vulnerabilities from either Risk-based Insights or All Vulnerabilities page.

To export vulnerabilities list:

  1. Click the Export Vulnerabilities button at the top right of the page.
  2. From dropdown, select one of the following two options:
  • CSV: Create a normal (uncompressed) CSV file
  • Compressed CSV: Create a CSV file that has been compressed using [Gzip] ( It might require extraction before it can be read.

You can now see that vulnerabilities are exported to either CSV or compressed CSV file and downloaded into your machine.

Data caching in CSV export

Whenever a CSV is exported for all vulnerabilities, an internal cache of the records is maintained for 3 hours. This cache mechanism has been implemented to reduce costly database operations. This cache is maintained unless there is a change in any of the following (happens when new images are added or existing images re-scanned):

  • Image creation date

  • Last acknowledgement date
  • Total image count

Design Limitation: If a user exports vulnerability data to a CSV file without any filter, the cached records will be exported. Therefore, the exported CSV file may not reflect the latest changes to the vulnerabilities caused by re-scanning (within the 3-hour caching period). In such cases, the only workaround is to use any filter and then export the data. Otherwise, you need to wait 3 hours for the cache to be removed.

Export a report on recent vulnerabilities

You can export a detailed PDF report about all image vulnerabilities detected during the most recent 7 days. This includes vulnerabilities detected during re-scanning of the previously existing images, as well as first-time scanning of images added to Aqua during the most recent 7 days.

Contents of the report is self-explanatory. The report includes both tabular and graphical data. The latter is presented in the form of dashboard widgets, which are also available on the actual dashboard.

To export weekly report on vulnerability list:

  1. Click the Export Vulnerabilities button at the top right of the page.
  2. From the dropdown, select Weekly Report. You can now see that weekly report of the vulnerability list filtered for the most recent 7 days is displayed in the same tab.

     3. Click Save PDF or Print to save or print the document respectively.

     4. Click Back to Aqua to navigate back to the Aqua platform again.

Limitation: The PDF lists a maximum of 2,000 vulnerabilities. If more than 2000 vulnerabilities are found in the most recent 7 days, the 2,000 of the highest severity are included in the report, and the total number (which may be approximate) of vulnerabilities is shown.

Look up vulnerability information in Aqua CyberCenter

Aqua uses CyberCenter (Aqua database) to determine which vulnerabilities should be scanned for in your images. Therefore, by definition, all vulnerabilities found in any of your images are known to Aqua CyberCenter. In general, CyberCenter is aware of many more vulnerabilities that those found in your images.

To search CyberCenter for a specific vulnerability, refer to Query CyberCenter for Vulnerability Information.