Vulnerability Scanning

vSphere Integrated Containers uses the open source project Clair to scan images for known vulnerabilities. Management Portal administrators and DevOps administrators can set threshold values that prevent images whose vulnerabilities exceed the threshold from being run. You can run a vulnerability scan on all images, on a per-project level, or on individual images. Once an image is uploaded into the registry, Clair checks the layers of the image against known vulnerability databases and reports issues to the administrators.

Prerequisites

You must allow firewall access from your vSphere Integrated Containers instance to the following URLs so that Clair can sync its database.

| Item | Database URL |
| --- | --- |
| Ubuntu | https://launchpad.net/ubuntu-cve-tracker |
| Red Hat Enterprise Linux | https://www.redhat.com/security |
| Oracle | https://linux.oracle.com/oval/ |
| Debian | https://security-tracker.debian.org |
| Alpine | https://git.alpinelinux.org |
| National Vulnerability Database | http://static.nvd.nist.gov |
| CVE information | https://cve.mitre.org/ |
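The following script is an added example, not part of the vSphere Integrated Containers documentation. It turns the URLs in the table above into host and port pairs for an egress allowlist and, when run with `--check`, probes each URL from the machine it runs on. The function names `egress_rules` and `check_feeds` are hypothetical, and `curl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: derive egress rules for Clair's feed URLs and probe them.
# URLs are copied from the table on this page; function names are hypothetical.

FEED_URLS='
https://launchpad.net/ubuntu-cve-tracker
https://www.redhat.com/security
https://linux.oracle.com/oval/
https://security-tracker.debian.org
https://git.alpinelinux.org
http://static.nvd.nist.gov
https://cve.mitre.org/
'

# Print one "host port" pair per feed URL. The port follows from the scheme
# (443 for https, 80 for http) unless the URL carries an explicit port.
egress_rules() {
  local url scheme rest host port
  for url in $FEED_URLS; do
    scheme=${url%%://*}
    rest=${url#*://}
    host=${rest%%/*}
    case $host in
      *:*) port=${host##*:}; host=${host%%:*} ;;
      *)   if [ "$scheme" = "https" ]; then port=443; else port=80; fi ;;
    esac
    printf '%s %s\n' "$host" "$port"
  done
}

# Probe each URL; print the ones that cannot be reached and return non-zero
# if any failed. Any HTTP response counts as reachable, because the test is
# whether the firewall lets the connection through.
check_feeds() {
  local url failed=0
  for url in $FEED_URLS; do
    if ! curl --silent --output /dev/null --max-time 10 "$url"; then
      printf 'BLOCKED %s\n' "$url"
      failed=1
    fi
  done
  return "$failed"
}

# Run the live probe only on request, so sourcing the file touches no network.
if [ "${1:-}" = "--check" ]; then
  check_feeds
fi
```

The National Vulnerability Database entry is the only `http://` URL in the table, so it is the one rule that needs port 80 rather than 443.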

For information about how to run scans, see the following topics:
