TABLE OF CONTENTS
- Review security issues in an image
- Image scan detail view
This topic explains the security issues found in an image during its scanning and all the information about an image and its scan results in the image detail view.
Review security issues in an image
In the Images > General page, Security Issues column of the images may show the following issues:
- A bar, with one or more colored segments. This represents the security issues found during the most recent scan of the images in the repository.
- The number of instances of malware
- The number of instances of sensitive data
A bar appears in an entry for a repository, it provides a quick visual indication of the most important security issues found in the images of that repository. When you expand the entry for a repository by clicking the right-arrow (>) to the left of the repository name, the bar indicates the number and type of security issues found for each image.
Different color coding and the representation of each color in the security issues bar is explained below:
Security issues found on different images is explained in the following example:
Following are a few observations on the example to analyze the security issues:
- No security issues were detected by Aqua in the image in the
- The image
ccobutan/malware-test-debian:0.0.6was found to contain 27 vulnerabilities of varying severity and 3 instances of malware. This image was also found to be non-compliant with one or more Image Assurance Policies.
- The image hnaung/sensitive-data-test-image:latest contains 48 vulnerabilities and 3 instances of sensitive data. It is also non-compliant.
Image scan detail view
You should click the image name to see detail view of the image and its scan results. Image detail view consists of the following tabs and are explained in the different sections below:
- Sensitive Data
- Scan History
This tab shows the following information:
- Image compliance status
- Details widget shows the number and types of vulnerabilities in a pie chart
- Evaluation status of each image assurance policy (If the image is non-compliant)
- Policy controls that failed the image compliance (If the image is non-compliant)
In the example shown above:
- The Vulnerability_6 assurance policy failed, due to failure of the vulnerability severity control
- Details widget shows that 27 vulnerabilities of different types shown in the pie chart
This tab shows the following information on a specific image:
- List of all vulnerabilities by their severity found in the image during is recent scan
- Basic information on all vulnerabilities such as its severity, resource, exploit availability, vendor fix availability
- Vulnerability detail view
The list is always filtered by one of the vulnerability severity levels: critical, high, medium, low, or negligible at the top of the page. The following screenshot shows the list filtered with vulnerabilities of high severity:
You can filter the list of vulnerabilities using controls at the top of the page as explained below:
- Score: filters vulnerabilities of severity ranging from 0 through 10.
- Search by CVE or resource: You can enter the vulnerability or resource name to find the required vulnerability
- More Filters:
- Acknowledge: Yes or No
- Vendor Fix: Yes or No
- Exploit Availability: Available or Not Available
- Exploit Type: either Remote, DoS, Local, or Web Apps
For example, the following screenshot shows filtered list of vulnerabilities of high severity for which a vendor fix and exploit is available:
Vulnerability detail view
Vulnerability detail view appears when you click the specific vulnerability. It displays detailed information about the vulnerability. Following are the different actions that you can perform on the vulnerability detail view:
- Acknowledge: You can click Acknowledge to perform this action. Once you acknowledge the vulnerability, it is removed from the list. For more information, refer to Apply and Manage Security Issue Acknowledgments.
- NVD (National Vulnerability Database): You can click the NVD CVSS score to open the NVD web page on the vulnerability in a new tab (if available)
- Open the software vendor's web page on the vulnerability (if available)
- Image link: You can click the image name and navigate to the Risk tab.
This tab displays vulnerabilities found in each layer of the image during recent scan. The scan results are reported for each layer after recent scan, as applicable after the image layers are merged. This means that the screen does not show vulnerabilities that do not exist anymore, even if they were in previous (older) image layers. This page is used to filter the layers with vulnerabilities and fix them to improve the security of an image.
The following are the prerequisites to display the layer data:
- Aqua must be configured in direct scanning mode
- For user-initiated scans through scanner CLI (Command Line Interface) commands, the flag --layer-vulnerabilities must be used while scanning through CLI. For more information, refer to scan argument.
You can filter vulnerabilities in the layers using controls at the top of the page as explained below:
You can click the right-arrow (>) to the left of a layer to display full command of the layer, from which you can copy the command using the Copy button. It also shows all the vulnerabilities in the specific layer if there are any. From there, you can perform different actions available in the Vulnerabilities tab.
This tab displays vulnerabilities found in each resource (such as a package) in the image during recent scan. This page also displays vulnerabilities found in the base image (if applicable). This information helps you fix the securities in the resources to improve security of the image.
You can find the following information about the resources of the image:
- Resource name
- Fix version
You can filter vulnerabilities in the resources using controls at the top of the page as explained below:
You can click the right-arrow (>) to the left of a resource to display full path to resource, from which you can copy the command using the Copy button. It also shows all the vulnerabilities in the specific resource if there are any. From there, you can perform different actions available in the Vulnerabilities tab.
This tab shows all sensitive data, such as passwords or keys, that were found in folders in the selected image. You can also see if the sensitive data has been acknowledged.
You can acknowledge or unacknowledge from the menu of each instance of the sensitive data. For more information, refer to Apply and Manage Security Issue Acknowledgments.
This tab shows all malware, such as viruses, that were found in folders in the selected image. You can also see if the malware has been acknowledged. You can also copy file hash and path of each malware instance using the Copy button.
You can acknowledge or unacknowledge from the menu of each instance of the malware. For more information, refer to Apply and Manage Security Issue Acknowledgments.
This tab shows details of the selected image, including its date of creation, size, location, Docker-related information, operating system, and architecture. It also includes a history of activity on the selected image since its creation such as its layers details.
This tab lists and summarizes the Image Assurance findings (compliance and security issues found) for the selected image. A new entry is created each time the findings are different from the previous image scan. If the findings are the same, the date of the previous scan is updated to that of the most recent scan.
By clicking Scan Date you can sort the list in either descending (default) or ascending order of the scan date.
In the example shown above, You can find that:
- In the first scan, the image was found to be compliant.
- In the second scan, the image was found to be non-compliant and also several vulnerabilities were found.
There could be several reasons in providing different scan results such as a change in the image, or change in any of theImage Assurance Policies whose scope includes the image.