Vulnerability Scans scan your container repository service images or Virtual Machine (VM) instances. MVISION Cloud scans your services to identify the software stored in the container images or running on the VMs. If MVISION Cloud detects vulnerabilities for the supported software, they are reported as incidents.
Vulnerability Scans are based on the Common Vulnerability Scoring System (CVSS), which assigns industry-standard scores to vulnerabilities. MVISION Cloud uses CVSSv2 and CVSSv3, defaulting to CVSSv3 when there are differences.
KNOWN ISSUE: You might notice changes in the reported Vulnerability Severity as MVISION Cloud upgrades from CVSSv2 to CVSSv3.
Vulnerability Scans appear as an option when you create an on-demand scan. They can be configured to run on demand or scheduled to run daily or weekly.
Vulnerability Scans are available for:
- Create a Vulnerability Scan for ACR
- Create a Vulnerability Scan for AWS
- Create a Vulnerability Scan for GCR
When you configure your Vulnerability Scan, you select whether to scan Container Images or VM Instances:
- Container Images. Scans container repository services, including Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), and Google Container Registry (GCR).
- VM Instances. Scans virtual machines, including Amazon Elastic Compute Cloud (EC2), Azure Virtual Machines (VMs), and Google VM instances. You can also scan containers within a VM for vulnerabilities. (This identifies only the vulnerabilities introduced into the runtime containers, compared with what is identified in the image.)
Create and manage your Vulnerability Policies on the Vulnerability Policies Page.
Before you can create a Vulnerability Scan for VMs, you must install McAfee Cloud Workload Protection Platform (CWPP) PoPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to MVISION Cloud to build the app inventory. Currently, only Linux is supported.
CWPP PoPs and Agents are not required for container images.
Supported Operating Systems
The following operating systems are supported for Vulnerability Scans:
- Alpine. v3.2, v3.3, v3.4 to v3.12
- Amazon Linux. 2, 2018.03
- CentOS/RHEL. 5, 6, 7, 8
- Debian. 9, 10, 11
- Oracle Linux. 5, 6, 7, 8
- Ubuntu. 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04
Supported Container Platforms
MVISION Cloud relies on the National Vulnerability Database (NVD) to provide the latest Common Vulnerabilities and Exposures (CVEs). Currently, the CVE database includes the following versions:
- Docker. CVEs for all versions up to 20.10
- Kubernetes. CVEs for all versions up to v1.20