TABLE OF CONTENTS

Overview

This topic explains how to acknowledge a security issue and update or remove the existing acknowledgement. You can perform the following different actions on the security issues related to acknowledgements:

  • Acknowledge any kind of security issue: vulnerability, sensitive data, or malware
  • Optionally set an expiration period for the acknowledgement
  • Cancel an existing acknowledgement or change its expiration period

Acknowledgment applicability

When you acknowledge a security issue, you should select the applicability of the acknowledgment. The supported options are:

  • Only the image that you have selected
  • All images from the repository of the selected image
  • All images registered with Aqua

Once you set the applicability, Aqua retains it as a rule for future use. This means, following actions are performed for the respective option:

  • Option 1: Aqua will apply the acknowledgment to all updates of the selected image.
  • Option 2:  Aqua will apply the acknowledgment to all new or updated images in the repository of the selected image
  • Option 3: Aqua will apply the acknowledgement to all new or updated images registered with Aqua

UI locations to acknowledge security issues

You can acknowledge security issues from different Aqua pages for vulnerabilities, malware, and sensitive data as explained in the following sections.

Images page

To acknowledge security issues from the Images page:

  1. Navigate to the Images page.
  2. Select the required image to acknowledge the security issues in it.
  3. Select the tab corresponding to the kind of security issue that you want to manage: Vulnerabilities, Sensitive Data, or Malware.
  4. Perform the following acknowledgement related actions in the respective tabs:
  • Vulnerabilities tab: In the Acknowledgement column of any vulnerability, click the Acknowledge button
  • Sensitive Data tab: From the menu of the any sensitive data instance, select Acknowledge
  • Malware tab: From the menu any malware instance, select Acknowledge


       5. Perform one of the following actions as required:

  • Acknowledge the security issue by setting expiration of the acknowledgement
  • Set, update, or cancel the expiration of an existing acknowledgment
  • Unacknowledge (remove) an existing acknowledgment

Images > Acknowledgements page

From the Images > Acknowledgements page, you can perform the following actions on the specific acknowledgement:

  • Update, or cancel the expiration of the acknowledgment. You can also set the expiry of an acknowledgement if it was cancelled from the respective security issue tab in the Images page.



  • Unacknowledge (remove) the acknowledgment



Vulnerabilities page

You should navigate to the Security > Vulnerabilities page and click Acknowledge from the Acknowledgement columns to perform the following actions:

  • Acknowledge the vulnerability
  • Set, update, or cancel the expiration of an existing acknowledgment
  • Unacknowledge (remove) an existing acknowledgment


Acknowledge a security issue

When you acknowledge a security issue, you can see the Acknowledge Security Issue dialog as shown below. The dialogs for sensitive data and malware are quite similar.



You should perform the following actions on this dialog:

  • Select one of the three options for applicability of the acknowledgment as explained in the Acknowledgement applicability section.
  • Enter the reason for the acknowledgment (required)
  • Enable the expiration checkbox and set the number of days to delete the rule.

You should click Acknowledge after the previous actions are performed. Once a security issue is acknowledged, it is added to the Acknowledgements tab of the Images screen. If the acknowledged issue is a vulnerability, it is added to the list in the Security Issues > Vulnerabilities page.


Set the Acknowledgement expiration

When you acknowledge a security issue, you can optionally set an expiration (between 1 and 999 days from the date of setting) for the acknowledgment. The Acknowledgement rule will be deleted at the end of this period. Acknowledgment expiration can give image developers a "grace period" for providing a more durable solution for mitigating risk of the security issue.


To set expiration for the security issues that are not assigned but acknowledged:

  1. Navigate to Image > Acknowledgements.
  2. Click the required entry of a security issue. You can identify security issues, expiration of which is not set, in the Expiration column. Acknowledged at dialog appears.
  3. Click Set Expiry.
  4. Enter the number of days to expire the acknowledgement. By default, 30 days is selected.
  5. Click Set Expiry.



Update or Cancel the Acknowledgement expiration

To update expiration for the security issues that are already set the expiration:

  1. Click the required entry of a security issue. from the Image > Acknowledgements page. You can see the previously set expiration of the security issues in the Expiration column. Acknowledged at dialog appears.
  2. Click Update Expiry
  3. Update the expiration days or select Cancel expiry as required.
  4. Click Update Expiry.



Remove Acknowledgement

You can remove (unacknowledge) any acknowledgement of a security issue from the Image > Acknowledgements page. You should click Unacknowledge in the Acknowledged at dialog to remove the acknowledgement, as shown below. You can see that the specific acknowledgement is removed from the list.