The default IMAGES tab of the CI/CD page lists the images in your environments, as they are identified upstream in your CI tools (for example, using the CI Docker plugin) or registry (for example, Jfrog Xray).

For each image listed, you can view the image tags, licenses, image ID, time added, source, and status. The five colored icons under Vulnerability indicate the severity of the vulnerability, from Critical (red) to No known risk (green). The number beside each icon indicates the number of vulnerabilites identified at each severity level.

The colored icons under CIS Benchmark indicate the results of Panoptica's assessment of the image according to the CIS Docker Benchmark: Red = Fatal; Yellow = Warning; Blue - Informational output only.

Image Details

Click on any row in the table to view details of the image scan results, sorted by severity.

The default Vulnerabilities tab lists the vulnerabilities found in that image. The results can be filtered by Image layer (if available) and Fixable status. You can configure which columns are displayed by clicking on the Columns icon, in the upper right.

Click the down arrow (∨) to the left of the Findings column to expand the row, and view details about the package with the vulnerability.

Acknowledge (ignore) vulnerabilities

You can acknowledge a vulnerability in an image. This removes the vulnerability notification for this image, and ignores it if found again in a subsequent scan.

To acknowledge a vulnerability:

  1. Select the vulnerability from the list by checking the box. Once checked, the Acknowledge option will appear above the table.
  2. Select the period of time for which you wish to ignore this notification, and click Save. The selected vulnerability is removed from the list.

To view acknowledged vulnerabilities, toggle the Active only / 'Acknowledged only' switch at the top of the table, to view vulnerabilities you have chosen to ignore. You can then select any vulnerability you want to return to the list, and click Activate

Image layers

The Image Layers tab displays a summary of all vulnerabilities in the image, grouped by layer.

CIS Docker Benchmark

With the Docker plugin installed, Panoptica provides CIS Benchmark assessments of your images. The CIS Benchmark tab displays the finding of this assessment. See CIS Docker Benchmark for more information.

The results give visibility into the benchmark compliance. The findings are color coded, according to their severity.

  • Red: Fatal
  • Yellow: Warning
  • Blue: Informational

The Description column

Image Packages & Licenses

The PACKAGES & LICENSES tab shows a list of the packages and licenses used by the image.

Approve or Unapprove images

You can manually mark images as approved or unapproved from this view. An image marked approved is considered identified by Panoptica, and will not be blocked by the Unidentified workloads built-in Deployment rule. Alternatively you can mark an image that you consider malicious as unapproved, and it will be blocked from deployment by the rule.

To approve or unapprove images, select them in the table, and then click Approve images (or Unapprove images) in the toolbar at the top. You can select multiple images and approve/unapprove them in a batch.