Configure runtime vulnerability scanning
Runtime vulnerability scanning provides visibility into operating system and open source package vulnerabilities in the containers running in clusters where Container Security is installed. It produces a list of vulnerabilities sorted by severity; selecting an entry opens additional information that gives it context within the vulnerability view. You can search for a vulnerability by name, and filter by severity level or CVE score.
At this time, runtime vulnerability scanning cannot be used to scan registries. If you need to scan container image registries, see Trend Micro Smart Check. Runtime vulnerability scanning results do not currently integrate with deployment control and continuous compliance policies.
Vulnerability details include:
- Vulnerability Information: A description of the vulnerability, a link to details (such as the entry in the Common Vulnerabilities and Exposures (CVE®) list), the vulnerable package and version, and the version of the package that contains the fix (if one is available).
- Image Information: The container image where the vulnerability was detected.
- Detection Information: A list of workloads in which the vulnerability was detected including the namespace, type, container, and last detection time for each of these workloads.
Enable runtime vulnerability scanning
Register a cluster to Container Security by following the instructions in Add a cluster.
To enable runtime vulnerability scanning:
- Add vulnerabilityScanning.enabled=true to your overrides YAML file (usually overrides.yaml). The setting sits under the cloudOne block:

```yaml
cloudOne:
  apiKey: <API_KEY>
  endpoint: <ENDPOINT>
  vulnerabilityScanning:
    enabled: true
```
- Upgrade Container Security using the following command:

```shell
helm upgrade \
  trendmicro \
  --namespace trendmicro-system --create-namespace \
  --values overrides.yaml \
  https://github.com/trendmicro/cloudone-container-security-helm/archive/master.tar.gz
```

Note that this URL fetches whatever is currently on the master branch of the chart repository. If you need reproducible upgrades, point the command at the archive of a tagged chart release instead and record which tag you deployed.
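The two steps above, wrapped in a script that refuses to upgrade unless the overrides file really enables scanning. This is an added example, not Trend Micro's own tooling: the environment variable names C1_API_KEY, C1_ENDPOINT and APPLY are our assumptions, and the check is a simple indentation-based scan of the two-space YAML shown on this page, not a full YAML parser. It also treats the overrides file as the secret it is (it contains the API key) and creates it readable by the owner only.

```shell
#!/bin/sh
# Added example (not part of the Container Security docs or Helm chart):
# write overrides.yaml with runtime vulnerability scanning enabled, verify
# the setting is where the chart expects it, then run the documented
# helm upgrade. Assumed (ours): C1_API_KEY / C1_ENDPOINT hold the credentials,
# APPLY=1 is required before the cluster is touched.

OVERRIDES="${OVERRIDES:-overrides.yaml}"
RELEASE="${RELEASE:-trendmicro}"
NAMESPACE="${NAMESPACE:-trendmicro-system}"
CHART_URL="${CHART_URL:-https://github.com/trendmicro/cloudone-container-security-helm/archive/master.tar.gz}"

# write_overrides FILE API_KEY ENDPOINT
# Writes the overrides file with vulnerabilityScanning.enabled: true under
# the cloudOne block. umask keeps a new file owner-only; chmod covers a
# pre-existing one. Values are quoted so keys containing ':' stay valid YAML.
write_overrides() {
  file="$1"; api_key="$2"; endpoint="$3"
  (umask 077; cat > "$file" <<EOF
cloudOne:
  apiKey: "${api_key}"
  endpoint: "${endpoint}"
  vulnerabilityScanning:
    enabled: true
EOF
  )
  chmod 600 "$file"
}

# vuln_scanning_enabled FILE
# Returns 0 only if an "enabled: true" line is nested inside a
# vulnerabilityScanning block. "enabled: false", or "enabled" at the same
# indentation as the block key (a common YAML mistake), fails the check.
vuln_scanning_enabled() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    /^ *vulnerabilityScanning: *$/ { inblock = 1; depth = indent($0); next }
    inblock && NF > 0 && indent($0) <= depth { inblock = 0 }
    inblock && /^ *enabled: *true *$/ { found = 1 }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# upgrade_container_security FILE
# The documented helm upgrade, guarded so a file that silently leaves
# scanning off is never deployed.
upgrade_container_security() {
  if ! vuln_scanning_enabled "$1"; then
    echo "refusing upgrade: vulnerabilityScanning.enabled is not true in $1" >&2
    return 1
  fi
  helm upgrade "$RELEASE" \
    --namespace "$NAMESPACE" --create-namespace \
    --values "$1" \
    "$CHART_URL"
}

# Only modify the cluster when explicitly asked:  APPLY=1 sh enable-scan.sh
if [ "${APPLY:-0}" = "1" ]; then
  : "${C1_API_KEY:?set C1_API_KEY}" "${C1_ENDPOINT:?set C1_ENDPOINT}"
  write_overrides "$OVERRIDES" "$C1_API_KEY" "$C1_ENDPOINT"
  upgrade_container_security "$OVERRIDES"
fi
```

Run it with APPLY=1 and the two credential variables set; without APPLY it only defines the functions, so you can source it and call vuln_scanning_enabled against an existing overrides file to confirm the setting before an upgrade.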
View vulnerabilities
To view vulnerabilities, you'll first need to configure runtime vulnerability scanning.
The Vulnerability View page lists the vulnerabilities currently present in the containers running in your clusters, sorted by severity. You can search vulnerabilities by name, and filter results by severity level or CVE score.