Fortinet white logo
Fortinet white logo

Online Help

Container Image

Container Image

All Kubernetes Cluster registries monitored by Container Protection are monitored and scanned periodically for vulnerability using Common Vulnerability and Exposure (CVE) index. The list of vulnerabilities can be found in FortiView > Container Image. Container Image vulnerabilities can be viewed in three different perspectives:

Prerequisite

Container Image vulnerabilities require container registry and Kubernetes cluster to be setup with Container Protection.

  1. Register the Kubernetes cluster account credential with the Credential Store in Add Credential Store.
  2. Setup a kubernetes cluster with Kubernetes Agent installed in Add Kubernetes Cluster
  3. Create a container registry to add repositories through Add Registry

Registry/Repository View

Registry/Repository View shows the Vulnerability detected with repository perspective. Vulnerabilities are categorized by repository and cloud platforms (Azure Container Registry, AWS Elastic Container Registry, Google Container Registry, Harbor, and Openshift).

Click on the left cloud platform Registry/Repository to display the registry info.

The Repositories have green or red light status.

Red light - means the registry is disconnected from Container Protection and requires attention.

Green light - means the registry is connected and protected by Container Protection, and Container Protection is able to evaluate all the images in the repository and provide assessment on vulnerability assessment.

The Vulnerability distribution line chart has 4 severity levels.

The following table explains the severity level by color:

Color

Vulnerability Severity Level

Critical severity level vulnerability
High severity level vulnerability
Medium severity level vulnerability
Low severity level vulnerability

When clicking on the image detail button , Image Detail page will display the image's CVE vulnerabilities.

The Fix Available Column shows the vulnerabilities with fixes available on different version of Operating System. When you click on More CVE Info, it will show the description with the link to the CVE on National Vulnerability Database(NVD).

Image View

Image View can be accessed by clicking on the Image tab. Image View shows the Vulnerability detected from repositories with registry perspective.

Vulnerability View

Vulnerability View categorized vulnerability with the perspective of CVE(Common Vulnerability Exposures) ID.

The Detected in column shows the number of the images that are detected to have the specific vulnerability. When clicking on it, only the images with the specific vulnerability will be shown.

The Fix Available column works like the Registry View where it shows which CVE has fixes available.

When clicking on More CVE Info, there will be detailed description of the CVE ID with a link to the National Vulnerability Database about the CVE ID. The list of fixes available is shown by the operating system and package.

Container Image

Container Image

All Kubernetes Cluster registries monitored by Container Protection are monitored and scanned periodically for vulnerability using Common Vulnerability and Exposure (CVE) index. The list of vulnerabilities can be found in FortiView > Container Image. Container Image vulnerabilities can be viewed in three different perspectives:

Prerequisite

Container Image vulnerabilities require container registry and Kubernetes cluster to be setup with Container Protection.

  1. Register the Kubernetes cluster account credential with the Credential Store in Add Credential Store.
  2. Setup a kubernetes cluster with Kubernetes Agent installed in Add Kubernetes Cluster
  3. Create a container registry to add repositories through Add Registry

Registry/Repository View

Registry/Repository View shows the Vulnerability detected with repository perspective. Vulnerabilities are categorized by repository and cloud platforms (Azure Container Registry, AWS Elastic Container Registry, Google Container Registry, Harbor, and Openshift).

Click on the left cloud platform Registry/Repository to display the registry info.

The Repositories have green or red light status.

Red light - means the registry is disconnected from Container Protection and requires attention.

Green light - means the registry is connected and protected by Container Protection, and Container Protection is able to evaluate all the images in the repository and provide assessment on vulnerability assessment.

The Vulnerability distribution line chart has 4 severity levels.

The following table explains the severity level by color:

Color

Vulnerability Severity Level

Critical severity level vulnerability
High severity level vulnerability
Medium severity level vulnerability
Low severity level vulnerability

When clicking on the image detail button , Image Detail page will display the image's CVE vulnerabilities.

The Fix Available Column shows the vulnerabilities with fixes available on different version of Operating System. When you click on More CVE Info, it will show the description with the link to the CVE on National Vulnerability Database(NVD).

Image View

Image View can be accessed by clicking on the Image tab. Image View shows the Vulnerability detected from repositories with registry perspective.

Vulnerability View

Vulnerability View categorized vulnerability with the perspective of CVE(Common Vulnerability Exposures) ID.

The Detected in column shows the number of the images that are detected to have the specific vulnerability. When clicking on it, only the images with the specific vulnerability will be shown.

The Fix Available column works like the Registry View where it shows which CVE has fixes available.

When clicking on More CVE Info, there will be detailed description of the CVE ID with a link to the National Vulnerability Database about the CVE ID. The list of fixes available is shown by the operating system and package.