The image view, in the Images tab of the CI/CD page, shows the images in your environments, as they are identified upstream in your CI tools (for example, using the CI Docker plugin) or registry (for example, JFrog Xray). The view shows the Panoptica identity (Image Id) created for the image. It also shows vulnerabilities discovered in the image by the Cisco Panoptica scanner.
Click the row for an image to show details of the vulnerabilities found by the image scan. These are sorted by severity.
You can expand the detail for specific vulnerabilities to show details for the package in the image with the vulnerability.
You can acknowledge a vulnerability in an image. This removes the vulnerability from the list for this image, and ignores it if it is found again when the image is rescanned.
To acknowledge a vulnerability:
- Select the vulnerability from the list.
- Click Ignore. The vulnerability is removed from the list.
You can filter the list to show vulnerabilities for specific layers in an image. Select the layer from the Image layer drop-down list at the top of the page. This shows the vulnerabilities for the selected layer.
You can also show a summary of all vulnerabilities in the image, grouped by layer. Select the IMAGES tab.
You can filter the list of vulnerabilities to show only those that are fixable. Select 'Yes' in the Fixable only drop-down list.
The PACKAGES & LICENSES tab shows a list of the packages and licenses used by the image.
You can manually mark images as approved or unapproved from this view. An image marked approved is considered identified by Panoptica, and will not be blocked by the Unidentified workloads built-in Deployment rule. Alternatively, you can mark an image that you consider malicious as unapproved, and it will be blocked from deployment by the rule.
To approve or unapprove images, select them, and then click Approve images (or Unapprove images), in the toolbar at the top.