McAfee Enterprise MVISION Cloud

Create a Vulnerability Scan for ACR

Prerequisites

For Vulnerability Scans to run, the following role is required: 

  • Reader

Configure a Vulnerability Scan

Perform the following activities to configure a Vulnerability Scan:

  1. Choose Policy > On-Demand Scan.
  2. Click Actions > Create a Scan.
  3. The Scan Creation Wizard is displayed. On the General Info page enter the following:
    • Scan Type. Select Vulnerability.
    • Name. Enter a unique identifier so that you can rerun the scan later.
    • Description. Enter an optional description for the scan. 
    • Service Instance. Select the cloud service instance you want to scan.
  4. Click Next.
  5. The Select Policies page displays the active Vulnerability policies. Select the policies you want to use, and click Next.
  6. On the Configure Scan page, select your Scan Category, then configure the scope of your scan.
    • For Container Images: 
      • Scan Category. Select Container Images or VM Instances.
      • Images:
        • Data Scope
          • Full. Scans all images every time the scan is run.
          • Incremental. Scan only those images that have been added or modified since the last successful scan.
          • Scan Dates. Select All to scan images from all dates, or select Last X Days to limit the scan to the specified time period.
      • Repositories: 
        • All Repositories. Scan all repositories.
        • Include Specific Repositories. To scan only specific repositories, specify them using one of the following choices.
        • Exclude Specific Repositories. To leave specific repositories out of the scan, specify them using one of the following choices.
          • Use a Predefined Dictionary. Select a Predefined Dictionary from the drop-down list. For more information, see this topic.
          • Manually enter Repositories. Enter the repositories to be scanned in the text box. Separate multiple repositories with a space or a comma.
      • Subscriptions:
        • All Subscriptions. Scan all subscriptions. 
        • Include Specific Subscriptions. To include only specific subscriptions, click Edit and select the applicable Subscription checkboxes.
        • Exclude Specific Subscriptions. To exclude specific subscriptions, click Edit and select the applicable Subscription checkboxes.

NOTE: An incident is generated per image. So, if three images are in scope for the scan, up to three incidents might be generated. Whether an incident is raised for a given image depends on the rules of the policy selected for the scan.

    • For VM Instances:
      • Scan Containers in Instances. Select this option to also scan the containers running inside a VM for vulnerabilities. This identifies only the vulnerabilities introduced in the runtime containers beyond those already identified in the image.
      • Subscriptions:
        • All Subscriptions. Scan all subscriptions.
        • Include Specific Subscriptions. To include only specific subscriptions, click Edit and select the applicable Subscription checkboxes.
        • Exclude Specific Subscriptions. To exclude specific subscriptions, click Edit and select the applicable Subscription checkboxes.
      • Tags. Select any tags you want to use for your scan, and enter the key-value pair. (Tags are assigned to your instances in Azure. For example, if you have tagged an instance with "name = finance", you can use that tag in your scan.)
  7. Click Next.
  8. On the Schedule Scan page, select the schedule to run your scan and click Next:
    • None (On-Demand Only). Run the scan once now.
    • Daily. Run the scan once a day. Configure the time and time zone. 
    • Weekly. Run the scan once a week. Configure the day, time, and time zone.
  9. On the Review and Activate page, review your settings for the On-Demand Scan, and click Save. Click Back to make changes.

When a scan is complete, you can view the results or rerun the scan from the Policy > On-Demand Scan page.

You can view policy incident violations on the Policy > Policy Incidents page. Filter for Incident Type > Vulnerability Violation.
