Vulnerability Findings (Image Assurance)

CloudGuard creates Vulnerability findings for ContainerClosed A lightweight and portable executable image that contains software and all of its dependencies. Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling. images based on the assigned policy.

CloudGuard automatically creates a policy with a default Image Assurance ruleset for applicable clusters. If the default policy is sufficient, no more actions are necessary. If the onboarded environments is part of an Organizational Unit with an Image Assurance policy, no default policy is associated with the environment.

To see the findings in the CloudGuard portal:

  1. Navigate to Workload Protection > Containers Assets > Images.

  2. Select an image. Use Environment, Asset Type, or other criteria to filter images.

  3. Go to the Posture Findings tab. Make sure you set the period selector to All to see all findings for the image.

  4. To see the findings on the All Events, click Show in alerts page.

To see the vulnerability findings for all clusters and images in the account, navigate to Workload Protection > Vulnerabilities > Findings.

CloudGuard creates the findings when it scans the image for the first time. Afterward, the CloudGuard portal checks it (one time) in several hours for changes or newly discovered vulnerabilities.

To see findings for your AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. ECSClosed Amazon Elastic Container Service (ECS) - a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes. images, use the filter for the AWS Platform and AwsEcsImage Entity Type. In addition, see the vulnerabilities in the AWS ECS image object.

On this page, use the Filter and Search toolbar to select parameters to filter out from the Findings table.

Use these preconfigured filters:

  • Environment or OU - Select one or more cluster environments or organizational units.

  • Severity - Select from the available alert severity objects.

  • Ruleset - Select from the available rulesets.

To see the workloads that use vulnerable images:

  1. Navigate to Workload Protection > Vulnerabilities > Findings.

  2. Select one of the findings. On the right, the entity card shows information about the image.

  3. Click the image link. CloudGuard redirects you to the asset page of the image.

  4. The Overview page shows workloads that contain this image. For more information about Overview, see Asset Details.

Categories of Findings

Image Assurance finds different types of findings grouped in the categories:

  • CVE - Common Vulnerabilities and Exposures

  • MaliciousURL

  • MaliciousIP - For more details, see Malicious IP Classification

  • MaliciousFile - Malware

  • InsecureCode

  • InsecureContent - Credential leakage

    Note - This feature is in Early Availability.

  • ImageScan - Indicates that the number of issues or severity of the issues found on an image exceeds a preconfigured threshold. See Image Scan Findings

  • Package - Package license, package info, and CVEs

Details of Findings

The fields in Image Assurance findings are almost the same as other findings fields in the Entity Card.

Fields for KubernetesClosed Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. images:

More Links