Configure Vulnerability Scanning on a Per-Project Level

Management Portal administrators and DevOps administrators can set threshold values that prevent vulnerable images that exceed the threshold from being run. An automated scan on new images that are pushed to the project registry is also available.

Prerequisites

Log in to vSphere Integrated Containers Management Portal with a vSphere administrator or Management Portal administrator account. For information about logging in to vSphere Integrated Containers Management Portal, see Logging In to the Management Portal.

Procedure

1. Navigate to Administration > Projects > Your_project > Configuration.
2. To prevent vulnerable images from your project repository to run, select the Prevent vulnerable images from running check box.

3. (Optional) Change the severity level of vulnerabilities found that prevents an image to run.

   Images cannot be run if their level equals the currently selected level or higher.

4. To activate an immediate vulnerability scan on new images that are pushed to the project registry, select the Automatically scan images on push check box.

5. To verify the scan results, click the Internal Repositories tab, expand the image repository and hover over the report under vulnerability.