TABLE OF CONTENTS

Overview

This topic explains the information that you can find in the Vulnerabilities page. You should navigate to the Security Reports > Vulnerabilities page to find the list of all vulnerabilities detected while scanning images in Aqua. You can access the following information and take different actions from this page: 

  • List of all (or selected) vulnerabilities that Aqua has found during scanning of your images
  • Access summary and detailed information on the status of each vulnerability
  • Perform operations related to:
    • Reactive risk management
    • Acknowledge or unacknowledge the vulnerability or change the expiration of an existing acknowledge

All Vulnerabilities

In this page, you can see that Vulnerability Details filter criteria, consists of the following four filters: 

  • Vulnerability ID or Resource
  • Severity (dropdown)
  • Exploit Availability (dropdown): Available/Not Available
  • Exploit Type (dropdown)


Clicking the Expand button exposes three additional rows of filtering criteria and filters in each as explained below: 

  • Environment Details:
    • Registry (dropdown)
    • Image Name
  • Solution Details:
    • Vendor Fix (dropdown): Yes/No
    • Acknowledgement Status (dropdown): Yes/No
  • More Filters: Score: Select vulnerability score from the bar


Example

Following screenshot shows the list of vulnerabilities that are filtered by the following criteria:

  • Vulnerability severity: Critical
  • Registry (in which the vulnerable images were found): Docker Hub
  • Vendor Fix: Yes


In total, vulnerabilities are found in the Aqua platform as per the composite filter.