Image Scan Findings

CloudGuard creates Image Assurance findings for KubernetesClosed Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. images based on the assigned policy.

The findings of the ImageScan category include events related to CVEs, packages, sensitive data, and malware. For them, you can receive an email (or other notification) that contains aggregated information about all these findings.

To do this, create a new Image Assurance policy in three steps:

  1. Create a new ruleset.

  2. Create a new notification.

  3. Configure a new policy.

Viewing ImageScan Findings

  1. Navigate to Workload Protection > Vulnerabilities > Findings.

  2. Filter the view by Category : ImageScan. Click an applicable finding.

    If the ImageScan category is not available, see Limitations.

  3. The finding overview contains information about the image risk score, statistics of findings by severity, and the aggregated remediation (click Show more to see it). Full information is available in JSONClosed JavaScript Object Notation. A lightweight data interchange format. format through the configured notification.

    Note - In the finding notification, the description and remediation appear separately for the rule and for the ImageScan entity. In the ImageScan entity, CloudGuard generates the finding information:

    • For remediation, it creates an aggregated remediation from all applicable vulnerabilities.

    • For description, it aggregates data with all statistics of the image vulnerabilities.

    In Jira notifications only, the generated data concatenate with the values of Description and Remediation configured in the rule.

  4. The finding description is available as a tooltip when you put the cursor on the finding row and the Description column in the findings table.

Limitations

  • Sometimes, the ImageScan category is not available in the filter when you create a notification. This happens with newly onboarded environments where CloudGuard has not finished yet to scan images for the first time. Wait approximately 5-10 minutes to let it finish and try again.

  • The remediation length is limited to 25,600 symbols. The remediation that exceeds this length is truncated to 25,600 symbols.

More Links