Kaspersky Container Security

Detailed information about detected vulnerabilities

June 17, 2024

ID 275783

To view detailed information about vulnerabilities detected in an image:

In the window with image scan results, select the Vulnerabilities tab.

The list of vulnerabilities detected during image scanning is presented as a table with the following information provided for each vulnerability:

  • The Vulnerability column contains the ID of the vulnerability entry. The identifier is given in the CVE-YYYY-X... format, where:
    • CVE is a prefix that indicates that the vulnerability is included in the database of known vulnerabilities and security defects.
    • YYYY is the year when the vulnerability was reported.
    • X... is the number assigned to the vulnerability by authorized bodies.
  • The Severity column specifies the severity level of a vulnerability based on its risk rating.

    If a vulnerability has an exploit, an exploit icon is displayed next to the severity level.

  • The Resource column indicates the installed containerized resource in which the vulnerability was detected.

You can accept the risk of the vulnerability by clicking the Accept button in the Risk acceptance column.

To view detailed information about a vulnerability detected in an image:

  1. Do one of the following:
    • In the window with the image scan results, go to the Vulnerabilities tab and click the link with the vulnerability entry ID in the Vulnerabilities column of the table.
    • In the Vulnerabilities section on the dashboard, click the link with the vulnerability record ID.
  2. This opens the sidebar with the following information about the detected vulnerability:
    • Vulnerability entry identifier
    • Description of the vulnerability from the vulnerability database. The description is provided in the language of the vulnerabilities database. For example, descriptions of vulnerabilities from the NVD are displayed in English.
    • The General information tab displays the following:
      • Vulnerability severity level
      • Installed resource in which the vulnerability was detected
      • Vulnerability severity score based on the CVSS open standard in the NVD, VDB, and RED OS vulnerability databases, as well as the final consolidated vulnerability severity score.

      On this tab, you can accept the risk of the vulnerability by clicking Accept.

      The Accept button is not displayed and risk acceptance is not possible when the sidebar is open on the dashboard.

    • The Scan details tab displays the following:
      • Image in which the vulnerability was detected
      • Operating system that was scanned
      • Date and time when the vulnerability was first detected
      • Date and time when the image was last scanned
    • The Workloads tab displays a list of detected workloads and the number of workloads.
