Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home 26.2.0 Administration Guide

    Base image scanning

    Base image scanning

    A base image, or golden image, is a standardized, preconfigured container image that serves as the foundation for other images. A base image provides a clean and tested starting point for deployments.

    Base image scanning allows you to track and manage vulnerabilities in your base images to quickly identify and prioritize fixes for vulnerabilities that affect multiple images and containers.

    As FortiCNAPP scans the images in your container registries, it automatically identifies the base images for the images it scans. If a base image is found for a scanned image, the base image is identified as a base image and the relationship is recorded.

    The risk scoring system uses this information when calculating the risk score. Base images that are used by running containers will have a higher risk score than base images that are not actively in use.

    With base image scanning, you can:

    • View base image vulnerabilities in the Vulnerabilities dashboard.

    • Determine the base image for a specific image.

    • View the images that are based on a particular base image.

    • Separate vulnerabilities found in base images from those found in custom applications and packages.

    Vulnerabilities dashboard

    Two base image fields are available in the Vulnerabilities > Explore: Container images dashboard as columns and filters:

    • Is Base Image?: Indicates whether this image is a base image.

    • Base Image ID: Identifies the base image used by this image.

    You can display these columns in the query result table and also use them as filters in the query builder. In the query builder, find them in the Container image category.

    Click the Base Image ID value in the table to view the details for the base image.

    Configuring base image scanning

    To configure base image scanning:

    1. Create an integration for the registry where your base images are stored. This can be a public or private registry.

      For more information about configuring container registries, see Integrate container registries in the FortiCNAPP Administration Guide.

    2. In Add Base Image Repositories, specify a list of the repositories within this registry that contain base images.

      When the registry is configured with base image repositories specified, FortiCNAPP will automatically determine base image relationships for container images in your integrated registries.

    Previous
    Next

    Related Videos

    sidebar video

    FortiCNAPP Base Container Demo

    • 0 views
    • 17 days ago

    Base image scanning

    Base image scanning

    A base image, or golden image, is a standardized, preconfigured container image that serves as the foundation for other images. A base image provides a clean and tested starting point for deployments.

    Base image scanning allows you to track and manage vulnerabilities in your base images to quickly identify and prioritize fixes for vulnerabilities that affect multiple images and containers.

    As FortiCNAPP scans the images in your container registries, it automatically identifies the base images for the images it scans. If a base image is found for a scanned image, the base image is identified as a base image and the relationship is recorded.

    The risk scoring system uses this information when calculating the risk score. Base images that are used by running containers will have a higher risk score than base images that are not actively in use.

    With base image scanning, you can:

    • View base image vulnerabilities in the Vulnerabilities dashboard.

    • Determine the base image for a specific image.

    • View the images that are based on a particular base image.

    • Separate vulnerabilities found in base images from those found in custom applications and packages.

    Vulnerabilities dashboard

    Two base image fields are available in the Vulnerabilities > Explore: Container images dashboard as columns and filters:

    • Is Base Image?: Indicates whether this image is a base image.

    • Base Image ID: Identifies the base image used by this image.

    You can display these columns in the query result table and also use them as filters in the query builder. In the query builder, find them in the Container image category.

    Click the Base Image ID value in the table to view the details for the base image.

    Configuring base image scanning

    To configure base image scanning:

    1. Create an integration for the registry where your base images are stored. This can be a public or private registry.

      For more information about configuring container registries, see Integrate container registries in the FortiCNAPP Administration Guide.

    2. In Add Base Image Repositories, specify a list of the repositories within this registry that contain base images.

      When the registry is configured with base image repositories specified, FortiCNAPP will automatically determine base image relationships for container images in your integrated registries.

    Previous
    Next