Container Image

All Kubernetes cluster registries monitored by Container Protection are scanned periodically for vulnerabilities using the Common Vulnerabilities and Exposures (CVE) index. The list of vulnerabilities can be found in FortiView > Container Image. Container Image vulnerabilities can be viewed from three different perspectives: Registry/Repository View, Image View, and Vulnerability View.

Prerequisite

Container Image vulnerabilities require a container registry and a Kubernetes cluster to be set up with Container Protection.

  1. Register the Kubernetes cluster account credential with the Credential Store in Add Credential Store.
  2. Set up a Kubernetes cluster with the Kubernetes Agent installed in Add Kubernetes Cluster.
  3. Create a container registry to add repositories through Add Registry.

Registry/Repository View

Registry/Repository View shows detected vulnerabilities from the repository perspective. Vulnerabilities are categorized by repository and cloud platform (Azure Container Registry, AWS Elastic Container Registry, Google Container Registry, Harbor, and OpenShift).

Click a cloud platform Registry/Repository on the left to display the registry information.

Each repository has a green or red status light.

Red light - the registry is disconnected from Container Protection and requires attention.

Green light - the registry is connected and protected by Container Protection, and Container Protection is able to evaluate all the images in the repository and provide a vulnerability assessment.

The Vulnerability distribution line chart has 4 severity levels.

The following table explains the severity level by color:

Color

Vulnerability Severity Level

  Critical severity level vulnerability
  High severity level vulnerability
  Medium severity level vulnerability
  Low severity level vulnerability

When you click the image detail button, the Image Detail page displays the image's CVE vulnerabilities.

The Risk Score gives an overall vulnerability rating of all the vulnerabilities found on the image. For more details on how the risk score is derived, please see Appendix D - Risk Score Algorithm.

The Fix Available column shows the vulnerabilities that have fixes available on different versions of the operating system. When you click More CVE Info, it shows the description of the CVE with a link to its entry in the National Vulnerability Database (NVD).

Image View

Image View can be accessed by clicking the Image tab. Image View shows the vulnerabilities detected from repositories, from the registry perspective.

Vulnerability View

Vulnerability View categorizes vulnerabilities by CVE (Common Vulnerabilities and Exposures) ID.

The Detected in column shows the number of images in which the specific vulnerability was detected. When you click it, only the images with that vulnerability are shown.

The Fix Available column works as it does in the Registry View: it shows which CVEs have fixes available.

When you click More CVE Info, a detailed description of the CVE ID is shown, with a link to its entry in the National Vulnerability Database. The list of available fixes is shown by operating system and package.
