Vulnerability Scans scan your container repository service images or Virtual Machine (VM) instances. MVISION Cloud scans your services to identify the software stored in the container images or running on the VMs. If MVISION Cloud detects vulnerabilities for the supported software, they are reported as incidents.
Vulnerability Scans are based on the Common Vulnerability Scoring System (CVSS), which assigns industry-standard scores to vulnerabilities. MVISION Cloud uses CVSSv2 and CVSSv3, defaulting to CVSSv3 when there are differences.
KNOWN ISSUE: You will notice changes in the reported Vulnerability Severity as MVISION Cloud upgrades from CVSSv2 to CVSSv3.
Vulnerability Scans appear as an option while creating an on-demand scan. They can be run on demand or scheduled to run daily or weekly.
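As an added illustration (not MVISION Cloud product code), the following Python applies the rule above, prefer the CVSSv3 base score when one exists and otherwise fall back to CVSSv2, to records in the NVD JSON 1.1 feed shape (`impact.baseMetricV2` / `impact.baseMetricV3`) and flags findings whose qualitative severity band differs between the two versions, which is what the known issue describes. The sample records and their IDs are constructed placeholders.

```python
import json

# Qualitative severity bands from the CVSS specifications. v2 has three bands;
# v3 adds NONE (0.0) and CRITICAL (9.0-10.0), so a score that was HIGH under v2
# can be reported as CRITICAL once v3 is preferred.
V2_BANDS = [(0.0, 3.9, "LOW"), (4.0, 6.9, "MEDIUM"), (7.0, 10.0, "HIGH")]
V3_BANDS = [(0.0, 0.0, "NONE"), (0.1, 3.9, "LOW"), (4.0, 6.9, "MEDIUM"),
            (7.0, 8.9, "HIGH"), (9.0, 10.0, "CRITICAL")]

def severity(score, bands):
    for lo, hi, name in bands:
        if lo <= score <= hi:
            return name
    raise ValueError(f"CVSS score out of range: {score}")

def scores(cve):
    """Return (v2, v3) base scores from an NVD JSON 1.1 record; missing -> None."""
    impact = cve.get("impact", {})
    v2 = impact.get("baseMetricV2", {}).get("cvssV2", {}).get("baseScore")
    v3 = impact.get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore")
    return v2, v3

def rate(cve):
    """Prefer CVSSv3 when present, otherwise fall back to CVSSv2.
    Returns (cvss_version, base_score, severity), or None if no score exists."""
    v2, v3 = scores(cve)
    if v3 is not None:
        return "3", v3, severity(v3, V3_BANDS)
    if v2 is not None:
        return "2", v2, severity(v2, V2_BANDS)
    return None

def band_changed(cve):
    """True when v2 and v3 both exist but place the CVE in different bands."""
    v2, v3 = scores(cve)
    return (v2 is not None and v3 is not None
            and severity(v2, V2_BANDS) != severity(v3, V3_BANDS))

# Constructed records in NVD JSON 1.1 shape; the IDs are placeholders, not real CVEs.
SAMPLE = json.loads("""[
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"}},
  "impact": {"baseMetricV2": {"cvssV2": {"baseScore": 7.5}},
             "baseMetricV3": {"cvssV3": {"baseScore": 9.8}}}},
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0002"}},
  "impact": {"baseMetricV2": {"cvssV2": {"baseScore": 4.3}},
             "baseMetricV3": {"cvssV3": {"baseScore": 6.1}}}},
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0003"}},
  "impact": {"baseMetricV2": {"cvssV2": {"baseScore": 5.0}}}}
]""")

if __name__ == "__main__":
    for rec in SAMPLE:
        cid = rec["cve"]["CVE_data_meta"]["ID"]
        print(cid, rate(rec), "band changed" if band_changed(rec) else "")
```

The first record is the case the known issue warns about: HIGH (7.5) under v2 becomes CRITICAL (9.8) under v3, while the second stays MEDIUM under both.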
When you configure your Vulnerability Scan, select Container Images or VM instances:
- Container Images. Scans container repository services, including Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), and Google Container Registry (GCR).
- VM Instances. Scans running virtual machine hosts, including Amazon Elastic Compute Cloud (EC2), Azure Virtual Machines (VMs), and Google VM instances. You can also scan containers running on a VM for vulnerabilities. (This only identifies vulnerabilities that are introduced into the runtime containers in comparison to what is identified in the image.)
- Clusters. When you select VM Instances, you can also scan the main and secondary nodes of Amazon EKS Kubernetes and Azure Kubernetes Service (AKS) clusters for vulnerabilities. The main node is scanned by default, and you can add Tags to specify any secondary nodes.
- Create a Vulnerability Scan for Container Images
- Create a Vulnerability Scan for Virtual Machines
- Create and manage your Vulnerability Policies on the Vulnerability Policies Page.
Before you can create a Vulnerability Scan for VMs, you must install McAfee Enterprise Cloud Workload Protection Platform (CWPP) PoPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to MVISION Cloud to build the app inventory. Currently, only Linux is supported.
CWPP PoPs and Agents are not required for container images.
Supported Operating Systems
The following operating systems are supported for Vulnerability Scans:
- Alpine. v3.2, v3.3, v3.4 to v3.12
- Amazon Linux. 2, 2018.03
- Centos/RHEL. 5, 6, 7, 8
- Debian. 9, 10, 11
- Oracle Linux. 5, 6, 7, 8
- Ubuntu. 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04
Supported Container Platforms
MVISION Cloud relies on the National Vulnerability Database (NVD) to provide the latest Common Vulnerability and Exposures (CVEs). Currently, the CVE database includes the following versions:
- Docker. CVEs for all versions up to 20.10
- Kubernetes. CVEs for all versions up to v1.20