Vulnerability Scanning

vSphere Integrated Containers uses the open source project Clair to scan images for known vulnerabilities. Management Portal administrators and DevOps administrators can set threshold values that restrict vulnerable images that exceed the threshold from being run on a per-project level. Once an image is uploaded into the registry, Clair checks the various layers of the image against known vulnerability databases and reports issues to the administrators.

Prerequisites

You must allow firewall access from your vSphere Integrated Containers instance to the following URLs so that Clair can sync its database.

Item Database URL
Ubuntu https://launchpad.net/ubuntu-cve-tracker
Red Hat Enterprise Linux https://www.redhat.com/security
Oracle https://linux.oracle.com/oval
Debian https://security-tracker.debian.org
Alpine https://git.alpinelinux.org
National Vulnerability Database http://static.nvd.nist.gov
CVE information https://cve.mitre.org/

results matching ""

    No results matching ""