All Kubernetes cluster registries monitored by Container Protection are scanned periodically for vulnerabilities against the Common Vulnerabilities and Exposures (CVE) index. The list of vulnerabilities can be found in FortiView > Container Image. Container Image vulnerabilities can be viewed from three different perspectives: Registry/Repository View, Image View, and Vulnerability View.
Container Image vulnerabilities require a container registry and a Kubernetes cluster to be set up with Container Protection:
- Register the Kubernetes cluster account credential with the Credential Store in Add Credential Store.
- Set up a Kubernetes cluster with the Kubernetes Agent installed in Add Kubernetes Cluster.
- Create a container registry to add repositories through Add Registry.
Registry/Repository View shows the vulnerabilities detected from the repository perspective. Vulnerabilities are categorized by repository and by cloud platform (Azure Container Registry, AWS Elastic Container Registry, Google Container Registry, Harbor, and OpenShift).
Click a cloud platform under Registry/Repository on the left to display the registry information.
Each repository shows a green or red light status:
- Red light: the registry is disconnected from Container Protection and requires attention.
- Green light: the registry is connected and protected by Container Protection, which is able to evaluate all the images in the repository and provide a vulnerability assessment.
The Vulnerability distribution line chart has 4 severity levels.
The following table explains the severity levels by color:
| Vulnerability Severity Level |
|---|
| Critical severity level vulnerability |
| High severity level vulnerability |
| Medium severity level vulnerability |
| Low severity level vulnerability |
Clicking the image detail button opens the Image Detail page, which displays the image's CVE vulnerabilities.
The Risk Score gives an overall vulnerability rating of all the vulnerabilities found on the image. For more details on how the risk score is derived, please see Appendix D - Risk Score Algorithm.
The Fix Available column shows the vulnerabilities that have fixes available on different versions of the operating system. Clicking More CVE Info shows the description with a link to the CVE in the National Vulnerability Database (NVD).
Image View can be accessed by clicking the Image tab. Image View shows the vulnerabilities detected in repositories from the registry perspective.
Vulnerability View categorizes vulnerabilities from the perspective of the CVE (Common Vulnerabilities and Exposures) ID.
The Detected in column shows the number of images in which the specific vulnerability was detected. Clicking it shows only the images with that specific vulnerability.
The Fix Available column works like the one in Registry View: it shows which CVEs have fixes available.
Clicking More CVE Info shows a detailed description of the CVE ID with a link to the National Vulnerability Database entry for that CVE ID. The list of available fixes is shown by operating system and package.