Vulnerability Scanning

vSphere Integrated Containers uses the open source project Clair to scan images for known vulnerabilities. Management Portal administrators and DevOps administrators can set threshold values that prevent vulnerable images that exceed the threshold from being run. You can run a vulnerability scan on all images, at a per-project level, or on individual images. Once an image is uploaded into the registry, Clair checks the various layers of the image against known vulnerability databases and reports issues to the administrators.

Prerequisites

You must allow firewall access from your vSphere Integrated Containers instance to the following URLs so that Clair can sync its database.

| Item | Database URL |
| --- | --- |
| Ubuntu | https://launchpad.net/ubuntu-cve-tracker |
| Red Hat Enterprise Linux | https://www.redhat.com/security |
| Oracle | https://linux.oracle.com/oval/ |
| Debian | https://security-tracker.debian.org |
| Alpine | https://git.alpinelinux.org |
| National Vulnerability Database | http://static.nvd.nist.gov |
| CVE information | https://cve.mitre.org/ |
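
The following script is an added example, not part of the vSphere Integrated Containers documentation or tooling. It turns the URLs listed above into a host and port allow-list for the firewall (note that the National Vulnerability Database entry is plain HTTP on port 80) and can probe each URL with `curl`. The function names and the `rules`/`probe` arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: feed URLs copied from the list above.
FEEDS='https://launchpad.net/ubuntu-cve-tracker
https://www.redhat.com/security
https://linux.oracle.com/oval/
https://security-tracker.debian.org
https://git.alpinelinux.org
http://static.nvd.nist.gov
https://cve.mitre.org/'

# Print "host port" for one URL; the port defaults from the scheme (80/443).
host_port() {
    url=$1
    scheme=${url%%://*}
    rest=${url#*://}
    authority=${rest%%/*}
    host=${authority%%:*}
    case $authority in
        *:*) port=${authority##*:} ;;
        *)   if [ "$scheme" = http ]; then port=80; else port=443; fi ;;
    esac
    printf '%s %s\n' "$host" "$port"
}

# One "host port" line per feed: the outbound allow-list for the firewall.
egress_rules() {
    printf '%s\n' "$FEEDS" | while IFS= read -r u; do host_port "$u"; done | sort -u
}

# Request each feed URL; any HTTP response counts as reachable.
probe_feeds() {
    failed=0
    for u in $FEEDS; do
        if curl -s -o /dev/null --connect-timeout 5 --max-time 15 "$u"; then
            echo "reachable  $u"
        else
            echo "BLOCKED    $u"; failed=1
        fi
    done
    return $failed
}

# Default action prints the allow-list; pass "probe" to test connectivity.
case ${1:-rules} in
    rules) egress_rules ;;
    probe) probe_feeds ;;
esac
```

Run the probe from the network segment of the vSphere Integrated Containers instance itself, because a result from another machine says nothing about the firewall path Clair uses.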

For information about how to run scans, see the following topics:
