This feature is not yet Generally Available. Refer to this document only if the Suppression of image vulnerabilities feature is enabled in your Aqua environment. If you would like to try it, contact Aqua Support to have the feature enabled.


Vulnerability instances

Each entry (row) of the Vulnerabilities section of the Aqua UI is an instance of a vulnerability found in one image during scanning of that image. Therefore, if a given vulnerability was found in N images, it will appear in the list N times.


We will generally use the term vulnerability to mean an instance of a vulnerability.


The screenshot below shows a Vulnerabilities screen filtered for vulnerabilities whose name contains the text string CVE-2021-44228; there were 11 instances of this same vulnerability found during scanning. Note that you can filter only in All Vulnerabilities display mode:



The row corresponding to each vulnerability contains the following information:


| Column heading | Meaning |
|---|---|
| Vulnerability | ID of the vulnerability found |
| Image | The image in which the vulnerability was found. Therefore, the Vulnerability and the Image values comprise a unique identifier of the vulnerability instance. |
| Severity | Severity of the vulnerability: negligible, low, medium, high, or critical |
| Workloads | The number of containers, based on the image, which are currently running |
| Namespace | The Kubernetes namespace in which the vulnerability was found |
| Resource | The image resource in which the vulnerability was found |
| Exploit Availability | A checkmark indicates the availability of an exploit in the wild |
| Vendor Fix | A checkmark indicates the availability of a software vendor fix for the vulnerability |
| QIDs | If Qualys is integrated with Aqua, this column displays the Qualys ID(s) associated with the vulnerability |
| vShield Status | See Vulnerability Shield (vShield) status below |
| Acknowledgment | See Acknowledgment status below |


Vulnerability Shield (vShield) status


A Vulnerability Shield (vShield) prevents attackers from being able to exploit a specific vulnerability instance, in all containers based on the image in question. Aqua Security Research employs technology to analyze vulnerabilities and, in many cases, generate vShields for images containing that vulnerability.


Read the topic Reactive Risk Management to learn more about vShields and their role in Image Assurance.


The vShield Status column of the Vulnerabilities page can contain any of the values listed in the following table. The table also shows the corresponding status (used for filtering the list of vulnerabilities), describes the status, and explains what clicking the status icon (if present) will do.


| Value | vShield Status | Explanation and available action |
|---|---|---|
| vShield | vShield Available | Aqua Security has generated a vShield for this vulnerability instance; it is available for you to apply. Click the icon to apply a vShield. |
| Audit (No Events) | vShield Audit | A vShield has been applied to this vulnerability instance; its Enforcement Mode is set to Audit. The number shows the number of audit events generated by this vShield. Click the icon to modify or delete the vShield. |
| Enforce (No Events) | vShield Enforce | A vShield has been applied to the vulnerability instance; its Enforcement Mode is set to Enforce. The number shows the number of audit events generated by this vShield. Click the icon to modify or delete the vShield. |
| (blank) | No vShield | There is no vShield available currently for this vulnerability instance. No action is available. |


Suppression status

See Reactive Risk Management for an explanation of the effects of suppressing a vulnerability.


Apply and Manage Security Issue Manual Suppressions explains how to suppress a vulnerability manually. As explained in Suppression applicability, you can apply the suppression to a single instance or multiple images. In other words, suppression can apply to multiple vulnerability instances.


The Suppression column of the Vulnerabilities page shows the suppression status of the vulnerabilities which are suppressed either manually or through a suppression rule. This column can contain either of the values listed in the following table. The table also describes the status and explains what clicking the status icon (if present) will do.


| Value | Explanation |
|---|---|
| Suppress | The vulnerability instance has not been suppressed. Click the icon to Suppress the vulnerability. |
| 3 days ago | The vulnerability instance was acknowledged N (3, in this case) days ago. This status is shown for the vulnerabilities which are suppressed either manually or through a suppression rule. Click the icon to unsuppress the vulnerability (remove the suppression). This action is possible only for the vulnerabilities suppressed manually. |


Filter the list

When the Vulnerabilities screen is in All Vulnerabilities display mode, you can filter the list of vulnerabilities by any or all of these criteria:


| Criteria set | Label | Filters on |
|---|---|---|
| Vulnerability Details | ID or Resource | A substring of either a vulnerability ID or a resource name |
| | Application Scope(s) | Select an application scope to filter vulnerabilities detected in the images which are categorized under the selected application scope |
| | Severity | Vulnerability severity |
| | Exploit Availability | Whether there is an exploit in the wild for the vulnerability |
| | Exploit Type | Remote, DoS (denial-of-service), Local, Web Apps. Note: This information is not displayed in the list of vulnerabilities. |
| Environment Details | Registry | The registry of the image containing the vulnerability |
| | Deployment | The Kubernetes deployment of the running container(s) that are based on the image |
| | Workloads | Whether there are any workloads running an image containing the vulnerability |
| | Namespace | The Kubernetes namespace of the running container(s) that are based on the image. You can select multiple namespaces to display all the vulnerabilities found in them. |
| | Cluster | The Kubernetes cluster which has the running container(s) that are based on the image |
| Solution Details | Vendor Fix | Whether a fix for the vulnerability is available from the software vendor |
| | vShield status | See vShield status |
| | Suppression Status | See Suppression status |
| More Filters | Score | Vulnerabilities whose score matches or exceeds the score selected in this filter |


You can also clear any or all of the active filters by clicking x on the icons in the Active Filters bar:



Select a vulnerability for further actions

Click an item in the Vulnerabilities list; you will see a window that provides details about the vulnerability:



One or more of the following action icons will appear at the bottom of the window, as available. Click any of the items below to see documentation on the use of the action: