The Vulnerability report for Container Security lists all of the Common Vulnerabilities and Exposures (CVEs) stored in your container images and virtual machines (VM), running or not.
- VM incident vulnerabilities without a running container are listed under the Container Name and Image Name columns as "-".
- VM incident vulnerabilities with a running container are listed in the Container Name and Image Name columns with a value.
- If you currently have an existing scheduled Vulnerability report, the new Vulnerabilities column is not available. You will need to create a new scheduled Vulnerability Report.
- The Vulnerabilities column is not available for other incident reports.
- If you add filters for multiple incident types, they will not be available in the Vulnerability report.
- We recommend that you create and download the Vulnerability report in CSV format. Microsoft Excel truncates cells to no more than 5,000 characters. If the report has more than 5,000 characters for a given CVE, it may not display the complete list of CVEs.
- For Vulnerability incidents, if an incident has multiple vulnerabilities, one report is exported as multiple rows one for each vulnerability and includes duplicated information in other columns. The Vulnerability Severity column is also added automatically.
Create the Vulnerability Report
To create the Vulnerability report:
- Go to the Incidents > Policy Incidents page.
- Click Actions > Create Report > Vulnerability Report.
- Select your report format:
- Click Generate Report.
The report is generated and listed on the Reports page.
The Vulnerability Report includes the following columns of information:
- Policy Name
- Item Name
- User Name
- Incident Created On
- Incident Response
- Incident Status
- Service Name
- Instance Name
- Container Name
- Image Name
- Vulnerability Count
- Vulnerability Severity
- Published Date
- Affected Version
- Fixed Version