
Historically, RHACS has provided a view of vulnerabilities discovered in your system in the vulnerability management dashboard. With the dashboard, you can view vulnerabilities by image, node, or platform. You can also view vulnerabilities by clusters, namespaces, deployments, node components, and image components. The dashboard is deprecated in RHACS 4.5 and will be removed in a future release.

To perform actions on vulnerabilities, such as viewing additional information about a vulnerability, deferring a vulnerability, or marking a vulnerability as a false positive, click Vulnerability Management → Workload CVEs. To review requests for deferring and marking CVEs as false positives, click Vulnerability Management → Exception Management.

Viewing application vulnerabilities by using the dashboard

You can view application vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes by using the dashboard.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. On the Dashboard view header, select Application & Infrastructure → Namespaces or Deployments.

  3. From the list, search for and select the Namespace or Deployment you want to review.

  4. To get more information about the application, select an entity from Related entities on the right.

Viewing image vulnerabilities by using the dashboard

You can view image vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes by using the dashboard.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. On the Dashboard view header, select <number> Images.

  3. From the list of images, select the image you want to investigate. You can also filter the list by performing one of the following steps:

    1. Enter Image in the search bar and then select the Image attribute.

    2. Enter the image name in the search bar.

  4. In the image details view, review the listed CVEs and prioritize taking action to address the impacted components.

  5. Select Components from Related entities on the right to get more information about all the components that are impacted by the selected image. Or select Components from the Affected components column under the Image findings section for a list of components affected by specific CVEs.

Viewing cluster vulnerabilities by using the dashboard

You can view vulnerabilities in clusters by using Red Hat Advanced Cluster Security for Kubernetes.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. On the Dashboard view header, select Application & Infrastructure → Clusters.

  3. From the list of clusters, select the cluster you want to investigate.

  4. Review the cluster’s vulnerabilities and prioritize taking action on the impacted nodes on the cluster.

Viewing node vulnerabilities by using the dashboard

You can view vulnerabilities in specific nodes by using Red Hat Advanced Cluster Security for Kubernetes.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. On the Dashboard view header, select Nodes.

  3. From the list of nodes, select the node you want to investigate.

  4. Review vulnerabilities for the selected node and prioritize taking action.

  5. To get more information about the affected components in a node, select Components from Related entities on the right.

Finding the most vulnerable image components by using the dashboard

Use the Vulnerability Management view for identifying highly vulnerable image components.

Procedure
  1. Go to the RHACS portal and click Vulnerability Management → Dashboard from the navigation menu.

  2. From the Vulnerability Management view header, select Application & Infrastructure → Image Components.

  3. In the Image Components view, select the Image CVEs column header to arrange the components in descending order (highest first) based on the CVEs count.

Viewing details only for fixable CVEs by using the dashboard

Use the Vulnerability Management view to filter and show only the fixable CVEs.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. From the Vulnerability Management view header, under Filter CVEs, click Fixable.

Identifying the operating system of the base image by using the dashboard

Use the Vulnerability Management view to identify the operating system of the base image.

Procedure
  1. Go to the RHACS portal and click Vulnerability Management → Dashboard from the navigation menu.

  2. From the Vulnerability Management view header, select Images.

  3. View the base operating system (OS) and OS version for all images under the Image OS column.

  4. Select an image to view its details. The base operating system is also available under the Image Summary → Details and Metadata section.

Red Hat Advanced Cluster Security for Kubernetes lists the Image OS as unknown when either:

  • The operating system information is not available, or

  • The image scanner in use does not provide this information.

Docker Trusted Registry, Google Container Registry, and Anchore do not provide this information, so images scanned by those scanners always show an unknown OS.

Identifying top risky objects by using the dashboard

Use the Vulnerability Management view for identifying the top risky objects in your environment. The Top Risky widget displays information about the top risky images, deployments, clusters, and namespaces in your environment. The risk is determined based on the number of vulnerabilities and their CVSS scores.

Procedure
  1. Go to the RHACS portal and click Vulnerability Management → Dashboard from the navigation menu.

  2. Select the Top Risky widget header to choose between riskiest images, deployments, clusters, and namespaces.

    The small circles on the chart represent the chosen object type (image, deployment, cluster, or namespace). Hover over a circle to see an overview of the object it represents, or select a circle to view detailed information about that object, its related entities, and the connections between them.

    For example, if you are viewing Top Risky Deployments by CVE Count and CVSS score, each circle on the chart represents a deployment.

    • When you hover over a deployment, you see an overview of the deployment, which includes deployment name, name of the cluster and namespace, severity, risk priority, CVSS, and CVE count (including fixable).

    • When you select a deployment, the Deployment view opens for the selected deployment. The Deployment view shows in-depth details of the deployment and includes information about policy violations, common vulnerabilities, CVEs, and riskiest images for that deployment.

  3. Select View All on the widget header to view all objects of the chosen type. For example, if you chose Top Risky Deployments by CVE Count and CVSS score, you can select View All to view detailed information about all deployments in your infrastructure.

Identifying top riskiest images and components by using the dashboard

Similar to the Top Risky widget, the Top Riskiest widget lists the names of the top riskiest images and components. This widget also includes the total number of CVEs and the number of fixable CVEs in the listed images.

Procedure
  1. Go to the RHACS portal and click Vulnerability Management → Dashboard from the navigation menu.

  2. Select the Top Riskiest Images widget header to choose between the riskiest images and components. If you are viewing Top Riskiest Images:

    • When you hover over an image in the list, you see an overview of the image, which includes image name, scan time, and the number of CVEs along with severity (critical, high, medium, and low).

    • When you select an image, the Image view opens for the selected image. The Image view shows in-depth details of the image and includes information about CVEs by CVSS score, top riskiest components, fixable CVEs, and Dockerfile for the image.

  3. Select View All on the widget header to view all objects of the chosen type. For example, if you chose Top Riskiest Components, you can select View All to view detailed information about all components in your infrastructure.

Viewing the Dockerfile for an image by using the dashboard

Use the Vulnerability Management view to find the root cause of vulnerabilities in an image. You can view the Dockerfile and find exactly which command in the Dockerfile introduced the vulnerabilities and all components that are associated with that single command.

The Dockerfile section shows information about:

  • All the layers in the Dockerfile

  • The instructions and their value for each layer

  • The components included in each layer

  • The number of CVEs in components for each layer

When there are components introduced by a specific layer, you can select the expand icon to see a summary of its components. If there are any CVEs in those components, you can select the expand icon for an individual component to get more details about the CVEs affecting that component.

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. Select an image from either the Top Riskiest Images widget or click the Images button at the top of the dashboard and select an image.

  3. In the Image details view, next to Dockerfile, select the expand icon to see a summary of instructions, values, creation date, and components.

  4. Select the expand icon for an individual component to view more information.

Identifying the container image layer that introduces vulnerabilities by using the dashboard

You can use the Vulnerability Management dashboard to identify vulnerable components and the image layer they appear in.

Procedure
  1. Go to the RHACS portal and click Vulnerability Management → Dashboard from the navigation menu.

  2. Select an image from either the Top Riskiest Images widget or click the Images button at the top of the dashboard and select an image.

  3. In the Image details view, next to Dockerfile, select the expand icon to see a summary of image components.

  4. Select the expand icon for specific components to get more details about the CVEs affecting the selected component.
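The three views above (the Fixable filter, the Image OS column, and the Dockerfile layer breakdown) can be reproduced outside the dashboard from the JSON that `roxctl image scan --image <image> --output json` prints. The following is an added example, not code from RHACS or its documentation. It assumes that the scan JSON follows the RHACS storage.Image shape (`scan.components[].vulns[].fixedBy`, `scan.operatingSystem`, `metadata.v1.layers[]`, and a per-component `layerIndex`); the embedded sample scan is constructed for the example, and the `CVE-0000-00000` entry is a placeholder, not a real advisory.

```python
"""Reproduce three dashboard views from a roxctl image scan JSON document.

Added example, not RHACS code. Assumes the storage.Image JSON shape that
`roxctl image scan --image <image> --output json` emits (an assumption).
"""
import json
import sys

# Constructed sample scan: two layers, two components, three vulnerabilities.
# CVE-0000-00000 is a placeholder used only to show an unfixed finding.
SAMPLE_SCAN = json.loads(r"""
{
  "name": {"fullName": "quay.io/example/app:1.0"},
  "metadata": {"v1": {"layers": [
    {"instruction": "FROM", "value": "registry.access.redhat.com/ubi8/ubi:8.6"},
    {"instruction": "RUN", "value": "curl -o /opt/log4j-core.jar https://example.invalid/log4j-core-2.14.1.jar"}
  ]}},
  "scan": {
    "operatingSystem": "rhel:8",
    "components": [
      {"name": "glibc", "version": "2.28-189.el8", "layerIndex": 0,
       "vulns": [{"cve": "CVE-0000-00000", "cvss": 5.5, "fixedBy": "",
                  "severity": "MODERATE_VULNERABILITY_SEVERITY"}]},
      {"name": "log4j-core", "version": "2.14.1", "layerIndex": 1,
       "vulns": [{"cve": "CVE-2021-44228", "cvss": 10.0, "fixedBy": "2.15.0",
                  "severity": "CRITICAL_VULNERABILITY_SEVERITY"},
                 {"cve": "CVE-2021-45046", "cvss": 9.0, "fixedBy": "2.16.0",
                  "severity": "CRITICAL_VULNERABILITY_SEVERITY"}]}
    ]
  }
}
""")


def base_os(scan):
    """Image OS column: the scanner's OS string, or 'unknown' when the
    scanner did not report one (the case the dashboard shows as unknown)."""
    return scan.get("scan", {}).get("operatingSystem") or "unknown"


def iter_vulns(scan):
    """Yield (component, vulnerability) pairs across all scanned components."""
    for comp in scan.get("scan", {}).get("components", []):
        for vuln in comp.get("vulns", []):
            yield comp, vuln


def fixable_cves(scan):
    """Fixable filter: CVEs that carry a fixedBy version, highest CVSS first.
    Returns (cve, component, installed_version, fixed_version, cvss) rows."""
    rows = [(v["cve"], c["name"], c["version"], v["fixedBy"], v.get("cvss", 0.0))
            for c, v in iter_vulns(scan) if v.get("fixedBy")]
    return sorted(rows, key=lambda r: r[4], reverse=True)


def cves_by_layer(scan):
    """Dockerfile section: for each layer, the instruction, the components the
    scanner attributed to it via layerIndex, and the CVE count in those
    components. Components without a layerIndex are not attributed to any layer."""
    layers = scan.get("metadata", {}).get("v1", {}).get("layers", [])
    components = scan.get("scan", {}).get("components", [])
    report = []
    for idx, layer in enumerate(layers):
        comps = [c for c in components if c.get("layerIndex") == idx]
        report.append({
            "index": idx,
            "instruction": f'{layer.get("instruction", "")} {layer.get("value", "")}'.strip(),
            "components": [f'{c["name"]}-{c["version"]}' for c in comps],
            "cves": sum(len(c.get("vulns", [])) for c in comps),
        })
    return report


if __name__ == "__main__":
    # Read a real scan from stdin when piped; otherwise use the sample.
    scan = SAMPLE_SCAN if sys.stdin.isatty() else json.load(sys.stdin)
    print("Image OS:", base_os(scan))
    print("Fixable CVEs (CVSS desc):")
    for cve, comp, ver, fixed, cvss in fixable_cves(scan):
        print(f"  {cve}  {comp}-{ver}  ->  {fixed}  (CVSS {cvss})")
    print("Layers:")
    for layer in cves_by_layer(scan):
        print(f"  [{layer['index']}] {layer['instruction']}  "
              f"components={layer['components']}  cves={layer['cves']}")
```

Run it against a live image with `roxctl image scan --image quay.io/example/app:1.0 --output json | python3 scan_views.py` (the image name and script name are placeholders). The per-layer attribution depends entirely on `layerIndex`, so a component the scanner could not tie to a layer will not appear under any instruction; treat that as "unattributed", not as "no CVEs".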

Viewing recently detected vulnerabilities by using the dashboard

The Recently Detected Vulnerabilities widget on the Vulnerability Management → Dashboard view shows a list of recently discovered vulnerabilities in your scanned images, based on the scan time and CVSS score. It also includes information about the number of images affected by the CVE and its impact (percentage) on your environment.

  • When you hover over a CVE in the list, you see an overview of the CVE, which includes scan time, CVSS score, description, impact, and whether it’s scored by using CVSS v2 or v3.

  • When you select a CVE, the CVE details view opens for the selected CVE. The CVE details view shows in-depth details of the CVE and the components, images, and deployments in which it appears.

  • Select View All on the Recently Detected Vulnerabilities widget header to view a list of all the CVEs in your infrastructure. You can also filter the list of CVEs.

Viewing the most common vulnerabilities by using the dashboard

The Most Common Vulnerabilities widget on the Vulnerability Management → Dashboard view shows a list of vulnerabilities that affect the largest number of deployments and images, arranged by their CVSS score.

  • When you hover over a CVE in the list, you see an overview of the CVE, which includes scan time, CVSS score, description, impact, and whether it is scored by using CVSS v2 or v3.

  • When you select a CVE, the CVE details view opens for the selected CVE. The CVE details view shows in-depth details of the CVE and the components, images, and deployments in which it appears.

  • Select View All on the Most Common Vulnerabilities widget header to view a list of all the CVEs in your infrastructure. You can also filter the list of CVEs. To export the CVEs as a CSV file, select Export → Download CVEs as CSV.

Finding clusters with most Kubernetes and Istio vulnerabilities by using the dashboard

You can identify the clusters with most Kubernetes, Red Hat OpenShift, and Istio vulnerabilities (deprecated) in your environment by using the vulnerability management dashboard.

Procedure
  1. In the RHACS portal, click Vulnerability Management → Dashboard. The Clusters with most orchestrator and Istio vulnerabilities widget shows a list of clusters, ranked by the number of Kubernetes, Red Hat OpenShift, and Istio vulnerabilities (deprecated) in each cluster. The cluster on top of the list is the cluster with the highest number of vulnerabilities.

  2. Click on one of the clusters from the list to view details about the cluster. The Cluster view includes:

    • Cluster Summary section, which shows cluster details and metadata, top risky objects (deployments, namespaces, and images), recently detected vulnerabilities, riskiest images, and deployments with the most severe policy violations.

    • Cluster Findings section, which includes a list of failing policies and list of fixable CVEs.

    • Related Entities section, which shows the number of namespaces, deployments, policies, images, components, and CVEs the cluster contains. You can select these entities to view more details.

  3. Click View All on the widget header to view the list of all clusters.

Identifying vulnerabilities in nodes by using the dashboard

You can use the Vulnerability Management view to identify vulnerabilities in your nodes. The identified vulnerabilities include vulnerabilities in core Kubernetes components and container runtimes such as Docker, CRI-O, runC, and containerd. For more information on operating systems that RHACS can scan, see "Supported operating systems".

Procedure
  1. In the RHACS portal, go to Vulnerability Management → Dashboard.

  2. Select Nodes on the header to view a list of all the CVEs affecting your nodes.

  3. Select a node from the list to view details of all CVEs affecting that node.

    1. When you select a node, the Node details panel opens for the selected node. The Node view shows in-depth details of the node and includes information about CVEs by CVSS score and fixable CVEs for that node.

    2. Select View All on the CVEs by CVSS score widget header to view a list of all the CVEs in the selected node. You can also filter the list of CVEs.

    3. To export the fixable CVEs as a CSV file, select Export as CSV under the Node Findings section.


Creating policies to block specific CVEs by using the dashboard

You can create new policies or add specific CVEs to an existing policy from the Vulnerability Management view.

Procedure
  1. Click CVEs from the Vulnerability Management view header.

  2. You can select the checkboxes for one or more CVEs, and then click Add selected CVEs to Policy (add icon) or move the mouse over a CVE in the list, and select the Add icon.

  3. For Policy Name:

    • To add the CVE to an existing policy, select an existing policy from the drop-down list box.

    • To create a new policy, enter the name for the new policy, and select Create <policy_name>.

  4. Select a value for Severity, either Critical, High, Medium, or Low.

  5. Choose the Lifecycle Stage to which your policy is applicable: Build, Deploy, or both.

  6. Enter details about the policy in the Description box.

  7. Turn off the Enable Policy toggle if you want to create the policy but enable it later. The Enable Policy toggle is on by default.

  8. Verify the listed CVEs which are included in this policy.

  9. Click Save Policy.
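The dialog above produces a policy whose only criterion is a CVE match. The following is an added example, not RHACS code, that builds the equivalent policy document programmatically so it can be reviewed in source control or submitted through the policy import API instead of being clicked together. The field names and enum values (`policySections`, `policyGroups`, `fieldName: "CVE"`, `*_SEVERITY`, `BUILD`/`DEPLOY`) follow the RHACS policy export format; the policy name, description, and CVE list are constructed for the example, and the import wrapper shape `{"policies": [...]}` is an assumption about the `POST /v1/policies/import` body.

```python
"""Build an RHACS policy that blocks specific CVEs, mirroring the dashboard's
'Add selected CVEs to Policy' dialog.

Added example, not RHACS code. Field names follow the RHACS policy export
JSON; the import wrapper shape is an assumption.
"""
import json
import re

# Dialog choices mapped to the enum strings that appear in exported policies.
SEVERITIES = {
    "Critical": "CRITICAL_SEVERITY",
    "High": "HIGH_SEVERITY",
    "Medium": "MEDIUM_SEVERITY",
    "Low": "LOW_SEVERITY",
}
# A CVE criterion is evaluated against image scans, so only Build and Deploy
# are offered; Runtime is deliberately absent and is rejected below.
LIFECYCLE_STAGES = {"Build": "BUILD", "Deploy": "DEPLOY"}
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def cve_block_policy(name, cves, severity, stages, description="", enabled=True):
    """Return one policy document with a single OR'd CVE criterion.

    Raises ValueError for the inputs the dialog would not accept: an empty
    CVE list, a malformed CVE identifier, an unknown severity, or a
    lifecycle stage other than Build or Deploy.
    """
    if not name.strip():
        raise ValueError("policy name is required")
    if not cves:
        raise ValueError("at least one CVE is required")
    bad = [c for c in cves if not CVE_ID.match(c)]
    if bad:
        raise ValueError(f"not CVE identifiers: {bad}")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    chosen = []
    for stage in stages:
        if stage not in LIFECYCLE_STAGES:
            raise ValueError(f"lifecycle stage must be one of {sorted(LIFECYCLE_STAGES)}")
        if stage not in chosen:
            chosen.append(stage)
    if not chosen:
        raise ValueError("at least one lifecycle stage is required")

    return {
        "name": name,
        "description": description,
        "severity": SEVERITIES[severity],
        "lifecycleStages": [LIFECYCLE_STAGES[s] for s in chosen],
        "categories": ["Vulnerability Management"],
        "disabled": not enabled,
        "policyVersion": "1.1",
        "policySections": [{
            "sectionName": "CVEs",
            "policyGroups": [{
                "fieldName": "CVE",
                "booleanOperator": "OR",
                "negate": False,
                # Each value is matched as a pattern; a literal ID matches itself.
                "values": [{"value": c} for c in dict.fromkeys(cves)],
            }],
        }],
    }


def import_payload(*policies):
    """Wrap policies in the body shape assumed for POST /v1/policies/import."""
    return json.dumps({"policies": list(policies)}, indent=2)


if __name__ == "__main__":
    # Constructed example: block Log4Shell at build and deploy time.
    policy = cve_block_policy(
        name="Block Log4Shell",
        cves=["CVE-2021-44228", "CVE-2021-45046"],
        severity="Critical",
        stages=["Build", "Deploy"],
        description="Images carrying log4j-core versions affected by Log4Shell",
    )
    print(import_payload(policy))
```

Keep `enabled=False` while you verify the policy's match set against existing images, exactly as the Enable Policy toggle lets you do in the dialog, then flip it on once the violations it would raise are the ones you expect.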