Kaspersky Container Security

About risk rating

March 27, 2024

ID 271977

A scan conducted by Kaspersky Container Security produces a risk rating for the scanned object. While scanning, the solution may detect all or some of the following security issues in objects:

  • Vulnerabilities
  • Malware
  • Sensitive data
  • Misconfigurations

Each risk detected is assigned one of the following risk ratings, based on the severity of the security threats:

  • Negligible.
  • Low.
  • Medium.
  • High.
  • Critical.

If no security issues are detected during scanning, the image is considered secure and is marked as Ok.

Risk ratings of the detected vulnerabilities, malware, sensitive data, or misconfigurations correspond to the ratings specified in the security threat databases used for scanning (for example, NVD, VDB). These vulnerability and threat databases use special scoring scales to assess the severity of security threats. For example, the Common Vulnerability Scoring System (CVSS) is applied in the NVD.

The object is assigned the risk rating that corresponds to the highest severity level among all the detected security issues.

For example, the following security threats were detected during an object scan:

  • vulnerabilities with a low severity level;
  • confidential data with high and critical severity levels;
  • configuration errors with a medium severity level;
  • malware with a low severity level.

Here, the risk rating is critical in accordance with the highest severity level of the detected threats.
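The aggregation described above can be sketched as follows. This is an added example, not Kaspersky Container Security code: the names `Rating`, `rating_from_cvss` and `object_rating` and the finding format are hypothetical, and the CVSS bands are the CVSS v3.x qualitative scale, with a score of 0.0 mapped to Negligible as an assumption.

```python
from enum import IntEnum

class Rating(IntEnum):
    # Order follows the page's list, lowest to highest; OK means no findings.
    OK = 0
    NEGLIGIBLE = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4
    CRITICAL = 5

def rating_from_cvss(score: float) -> Rating:
    """CVSS v3.x qualitative bands; 0.0 -> NEGLIGIBLE is an assumption."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return Rating.NEGLIGIBLE
    if score < 4.0:
        return Rating.LOW
    if score < 7.0:
        return Rating.MEDIUM
    if score < 9.0:
        return Rating.HIGH
    return Rating.CRITICAL

def object_rating(findings):
    """Return (overall rating, highest rating per category) for finding dicts."""
    per_category = {}
    for f in findings:
        if "cvss" in f:
            r = rating_from_cvss(f["cvss"])
        else:
            r = Rating[f["severity"].upper()]  # unknown label raises KeyError
        if r is Rating.OK:
            raise ValueError("a finding cannot be rated OK")
        per_category[f["category"]] = max(per_category.get(f["category"], r), r)
    overall = max(per_category.values(), default=Rating.OK)  # no findings -> OK
    return overall, per_category

# Constructed sample mirroring the example on this page (hypothetical format).
SAMPLE = [
    {"category": "vulnerability", "cvss": 3.1},
    {"category": "sensitive_data", "severity": "high"},
    {"category": "sensitive_data", "severity": "critical"},
    {"category": "misconfiguration", "severity": "medium"},
    {"category": "malware", "severity": "low"},
]
```

An unknown severity label raises an error instead of being silently dropped, so a malformed finding cannot lower the object's rating.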
