Configure runtime vulnerability scanning

Runtime vulnerability scanning provides visibility into operating system and open source package vulnerabilities in containers running in clusters where Container Security is installed. It lists the detected vulnerabilities sorted by severity; selecting one shows additional context in the Vulnerability View. You can search for a vulnerability by name, and filter by severity level or CVE score.

At this time, runtime vulnerability scanning cannot be used to scan registries. If you need to scan container image registries, see Trend Micro Smart Check. Runtime vulnerability scanning results do not currently integrate with deployment control and continuous compliance policies.

Vulnerability details include:

  • Vulnerability Information: A description of the vulnerability, a link to details (like those listed in the Common Vulnerabilities and Exposures (CVE®) list), the vulnerable package and version, and the version of the vulnerable package which contains the fix (if available).
  • Image Information: The container image where the vulnerability was detected.
  • Detection Information: A list of workloads in which the vulnerability was detected including the namespace, type, container, and last detection time for each of these workloads.

Enable runtime vulnerability scanning

Register a cluster to Container Security by following the instructions in Add a cluster.

To enable runtime vulnerability scanning:

  1. Set cloudOne.vulnerabilityScanning.enabled to true in your overrides YAML file (usually overrides.yaml):

    cloudOne:
        apiKey: <API_KEY>
        endpoint: <ENDPOINT>
        vulnerabilityScanning:
            enabled: true
  2. Upgrade Container Security using the following command:

    helm upgrade \
        trendmicro \
        --namespace trendmicro-system --create-namespace \
        --values overrides.yaml \
        https://github.com/trendmicro/cloudone-container-security-helm/archive/master.tar.gz
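The two steps above are easy to get subtly wrong: leaving the `<API_KEY>` / `<ENDPOINT>` placeholders in place, or writing `enabled: "true"` (a string, which Helm templates may not treat as the boolean the chart expects). The following is an added example, not Trend Micro's code: it builds the overrides mapping, checks it for those mistakes, renders it in the same layout as the snippet above, and assembles the exact `helm upgrade` command from step 2. The release name, namespace and chart URL are taken from the page; the `build_overrides`, `check_overrides`, `render_yaml` and `helm_upgrade_argv` helper names and the sample key/endpoint values are constructed for this example.

```python
"""Sanity-check a Container Security overrides file before `helm upgrade`.

Added example (not the project's own code). Key names follow the page:
cloudOne.apiKey, cloudOne.endpoint, cloudOne.vulnerabilityScanning.enabled.
"""
import subprocess
from typing import Any, Dict, List

# Values copied from the page's helm command.
RELEASE = "trendmicro"
NAMESPACE = "trendmicro-system"
CHART_URL = ("https://github.com/trendmicro/cloudone-container-security-helm"
             "/archive/master.tar.gz")
# Placeholders from the page's YAML snippet that must be replaced before use.
PLACEHOLDERS = {"<API_KEY>", "<ENDPOINT>"}


def build_overrides(api_key: str, endpoint: str, enabled: Any = True) -> Dict[str, Any]:
    """Return the overrides mapping in the shape the page shows."""
    return {
        "cloudOne": {
            "apiKey": api_key,
            "endpoint": endpoint,
            "vulnerabilityScanning": {"enabled": enabled},
        }
    }


def check_overrides(data: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the overrides look usable."""
    issues: List[str] = []
    cloud_one = data.get("cloudOne")
    if not isinstance(cloud_one, dict):
        return ["missing top-level cloudOne mapping"]
    for key in ("apiKey", "endpoint"):
        value = cloud_one.get(key)
        if not value:
            issues.append(f"cloudOne.{key} is missing")
        elif value in PLACEHOLDERS:
            issues.append(f"cloudOne.{key} still holds the placeholder {value}")
    enabled = cloud_one.get("vulnerabilityScanning", {}).get("enabled")
    if isinstance(enabled, str):
        # A quoted "true" is a string in YAML, not the boolean the chart expects.
        issues.append("vulnerabilityScanning.enabled must be a YAML boolean, "
                      "not the string %r" % enabled)
    elif enabled is not True:
        issues.append("runtime vulnerability scanning is not enabled")
    return issues


def render_yaml(data: Dict[str, Any], indent: int = 0) -> str:
    """Minimal YAML emitter for nested mappings of scalars (4-space indent, like the page)."""
    pad = " " * indent
    lines: List[str] = []
    for key, value in data.items():
        if isinstance(value, dict):
            lines.append(f"{pad}{key}:")
            lines.append(render_yaml(value, indent + 4))
        elif isinstance(value, bool):
            lines.append(f"{pad}{key}: {'true' if value else 'false'}")
        else:
            lines.append(f"{pad}{key}: {value}")
    return "\n".join(lines)


def helm_upgrade_argv(values_path: str, dry_run: bool = False) -> List[str]:
    """The page's step-2 command as an argv list (optionally with helm's --dry-run)."""
    argv = ["helm", "upgrade", RELEASE,
            "--namespace", NAMESPACE, "--create-namespace",
            "--values", values_path, CHART_URL]
    if dry_run:
        argv.append("--dry-run")
    return argv


if __name__ == "__main__":
    # Constructed sample values; a real key/endpoint come from the Cloud One console.
    overrides = build_overrides("example-api-key", "https://example.invalid")
    problems = check_overrides(overrides)
    if problems:
        raise SystemExit("overrides.yaml not ready:\n  " + "\n  ".join(problems))
    with open("overrides.yaml", "w") as fh:
        fh.write(render_yaml(overrides) + "\n")
    # Render only; drop dry_run=True to perform the upgrade.
    subprocess.run(helm_upgrade_argv("overrides.yaml", dry_run=True), check=True)
```

Run it once with `dry_run=True` to confirm the chart renders with your values, then again without the flag to apply the upgrade.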

View vulnerabilities

To view vulnerabilities, you'll first need to configure runtime vulnerability scanning.

The Vulnerability View page displays the vulnerabilities detected in containers currently running in your clusters, sorted by severity. You can search vulnerabilities by name, and filter results by severity level or CVE score.