This feature is not Generally Available yet. This document applies only if the Suppression of image vulnerabilities feature is enabled in your Aqua environment. If you are interested in trying it, contact Aqua Support to have the feature enabled.


Sample screenshot


Description

This tab shows, for the selected image:

  • The counts, by severity, of all vulnerabilities found during the most recent scan
  • Basic information on all vulnerabilities found
  • More details: Click the vulnerability name. The details include:
    • Score, on a scale ranging from 1 through 10. This is based on the vendor's published score for the vulnerability, if available; otherwise, the NVD score.
    • Fix reported by Aqua: the date when Aqua reports the fix. Aqua acquires this information from various data sources such as vendors and NVD.
    • CWE ID details for a particular CVE. Each CVE can have multiple CWEs mapped. CWE details are added for images that are scanned by the Classic or Trivy Premium scanners.


For example:



Filtering the list

The list is always filtered by one of the vulnerability severity levels: critical, high, medium, low, or negligible. This screenshot shows the list filtered for vulnerabilities of low severity:



You can also filter this list by any or all of these criteria:


| Criteria set | Label | Filters on |
|---|---|---|
| Vulnerability Details | ID or Resource | A substring of either a vulnerability ID or a resource name |
| | Severity | Vulnerability severity |
| | Exploit Availability | Whether there is an exploit in the wild for the vulnerability |
| | Exploit Type | Remote, DoS (denial-of-service), Local, Web Apps. Note: This information is not displayed in the list of vulnerabilities. |
| Solution Details | Vendor Fix | Whether a fix for the vulnerability is available from the software vendor |
| | vShield status | See vShield status |
| | Suppression Status | See Suppression status |
| More Filters | Score | Vulnerabilities having the score which exceeds or matches the score selected in this filter |


For example, the following screenshot shows filtering for vulnerabilities of critical severity, whose names contain the text string "CVE-2021", for which a vendor fix is available:



To undo all selected filters (other than severity), click x Clear Filters.


Actions available

These actions are available in the Vulnerabilities tab of the Images page.


From the vulnerability detailed view, which appears when you click the vulnerability name:

By clicking on an entry under the vShield Status column:

By clicking on an entry under the Suppression column: