Viewing and Addressing Vulnerabilities

Alauda Container Security provides comprehensive tools for discovering, viewing, prioritizing, and addressing vulnerabilities in your container and cluster environments. This document describes how to use the platform to manage vulnerabilities efficiently and securely.


Overview of Vulnerability Management

Alauda Container Security enables you to:

  • Identify vulnerabilities in workloads, platform components, and nodes
  • Filter and prioritize vulnerabilities based on risk
  • Take action through remediation, deferral, or exception management
  • Export vulnerability data for further analysis

Vulnerability data is organized into several main views, accessible from Vulnerability Management > Results:

  • User workloads: Vulnerabilities in workloads and images you have deployed
  • Platform: Vulnerabilities in platform components (e.g., Alauda Container Platform and layered services)
  • Nodes: Vulnerabilities across all nodes
  • More views: Additional perspectives, such as all vulnerable images, inactive images, images without CVEs, and Kubernetes components

User Workload Vulnerabilities

View and filter vulnerabilities in your deployed workloads and images.

How to View User Workload Vulnerabilities

  1. Go to Vulnerability Management > Results.
  2. Select the User Workloads tab.
  3. Use the Observed, Deferred, or False positives tabs to filter by vulnerability status.
  4. Refine results by namespace, severity, or other filters as needed.
  5. Use the filter bar to search by entity (e.g., CVE, image, deployment).

Note: The Filtered view icon indicates that results are filtered. Click Clear filters to remove all filters, or remove individual filters by clicking them.

User Workload Filter Options

Entity           | Attributes
Image            | Name; Operating system; Tag; Label; Registry
CVE              | Name; Discovered time; CVSS; EPSS probability
Image Component  | Name; Source (OS, Python, Java, Ruby, Node.js, Go, Dotnet Core Runtime, Infrastructure); Version
Deployment       | Name; Label; Annotation; Status
Namespace        | ID; Name; Label; Annotation
Cluster          | ID; Name; Label; Type; Platform type
CVE severity; CVE status

Platform Vulnerabilities

View vulnerabilities in platform components and layered services.

How to View Platform Vulnerabilities

  1. Go to Vulnerability Management > Results.
  2. Select the Platform tab.
  3. Use the Observed, Deferred, or False positives tabs as needed.
  4. Refine results by namespace, severity, or other filters.
  5. Use the filter bar to search by entity.

Platform Filter Options

Entity           | Attributes
Image            | Name; Operating system; Tag; Label; Registry
CVE              | Name; Discovered time; CVSS; EPSS probability
Image Component  | Name; Source; Version
Deployment       | Name; Label; Annotation; Status
Namespace        | ID; Name; Label; Annotation
Cluster          | ID; Name; Label; Type; Platform type
CVE severity; CVE status

Node Vulnerabilities

View vulnerabilities across all nodes in your environment.

How to View Node Vulnerabilities

  1. Go to Vulnerability Management > Results.
  2. Select the Nodes tab.
  3. Optionally, click Show snoozed CVEs.
  4. Use filters to narrow down by node, CVE, component, or cluster.

Node Filter Options

Entity           | Attributes
Node             | Name; Operating system; Label; Annotation; Scan time
CVE              | Name; Discovered time; CVSS
Node Component   | Name; Version
Cluster          | ID; Name; Label; Type; Platform type

More Views

Access additional perspectives on vulnerabilities:

  • All vulnerable images: See all images with vulnerabilities
  • Inactive images: View vulnerabilities in watched or inactive images
  • Images without CVEs: Identify images with no detected vulnerabilities
  • Kubernetes components: View vulnerabilities in the underlying Kubernetes structure

How to Use More Views

  1. Go to Vulnerability Management > Results.
  2. Click More Views and select the desired view.
  3. Use available filters and columns to organize and analyze the data.

Exception Management

Exception management allows you to snooze, defer, or mark CVEs as false positives, tailoring vulnerability management to your organization's needs.

Snoozing CVEs

Temporarily ignore a CVE for a specified period. Snoozed CVEs do not appear in reports or trigger policy violations.

Steps to Snooze/Unsnooze CVEs

  1. Go to Vulnerability Management > Platform CVEs or Node CVEs.
  2. Select CVEs and use the overflow menu or bulk actions to snooze or unsnooze.
  3. Choose the duration and confirm.

Marking CVEs as False Positives

Mark a CVE as a false positive globally or for specific images. Requires approval.

Steps to Mark as False Positive

  1. Go to Vulnerability Management > Results > User Workloads.
  2. Select CVEs and use the overflow menu or bulk actions.
  3. Enter a rationale and submit the request.

Deferring CVEs

Defer a CVE, accepting the risk for a specified period. Requires approval.

Steps to Defer CVEs

  1. Go to Vulnerability Management > Results > User Workloads.
  2. Select CVEs and use the overflow menu or bulk actions.
  3. Choose the deferral period, enter a rationale, and submit.

Managing Exception Requests

Review, approve, deny, update, or cancel exception requests in Vulnerability Management > Exception Management.

Viewing Deferred and False Positive CVEs

In User Workloads, use the Deferred or False positives tabs to view relevant CVEs.


Identifying and Remediating Vulnerabilities

Identifying Vulnerable Dockerfile Lines

Alauda Container Security can show which Dockerfile line introduced a vulnerable component.

Steps

  1. Go to Vulnerability Management > Results > User Workloads.
  2. Click a CVE to view details and expand to see the affected Dockerfile line.

Upgrading Components

Find and upgrade to a fixed version of a vulnerable component.

Steps

  1. Go to Vulnerability Management > Results > User Workloads > Images.
  2. Select an image and expand the CVE to see the fixed version.
  3. Update your image accordingly.

Exporting Vulnerability Data

Export vulnerability data for further analysis or reporting using the API.

How to Export via API

  • Use the /v1/export/vuln-mgmt/workloads streaming API.
  • Output is JSON; each line contains a deployment and its images.

Example

curl -H "Authorization: Bearer $ROX_API_TOKEN" "$ROX_ENDPOINT/v1/export/vuln-mgmt/workloads"
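
The following is an added example, not part of the Alauda documentation: it reads the line-delimited export and lists CVEs that have a fixed version and a CVSS score at or above a threshold, skipping blank or truncated lines. The field names (result, deployment, images, scan.components[].vulns[], cvss, fixedBy) are assumptions about the response schema, and the sample data is constructed; check both against a real response.

```python
import json

# Constructed sample of the line-delimited export. Field names are assumed,
# not taken from the page; CVE IDs and image names are placeholders.
SAMPLE = "\n".join([
    json.dumps({"result": {
        "deployment": {"name": "web", "namespace": "shop"},
        "images": [{"name": {"fullName": "registry.example/web:1.2"},
                    "scan": {"components": [{
                        "name": "openssl", "version": "3.0.1", "vulns": [
                            {"cve": "CVE-0000-0001", "cvss": 9.8, "fixedBy": "3.0.2"},
                            {"cve": "CVE-0000-0002", "cvss": 8.1, "fixedBy": ""}]}]}}]}}),
    "",  # blank line in the stream
    json.dumps({"result": {"deployment": {"name": "batch", "namespace": "etl"},
                           "images": [{"name": {"fullName": "registry.example/batch:7"}}]}}),
    '{"result": {"deployment": {"name": "trunc',  # connection cut mid-record
])


def fixable_findings(lines, min_cvss=7.0):
    """Return (fixable CVEs with cvss >= min_cvss, count of unparseable lines)."""
    findings, skipped = [], 0
    for raw in filter(str.strip, lines):  # drops blank lines
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):
            skipped += 1  # truncated or unexpected line: count it, keep going
            continue
        body = record.get("result", record)
        dep = body.get("deployment") or {}
        for image in body.get("images") or []:
            scan = image.get("scan") or {}  # an unscanned image has no scan data
            for comp in scan.get("components") or []:
                for vuln in comp.get("vulns") or []:
                    score = vuln.get("cvss") or 0
                    if vuln.get("fixedBy") and score >= min_cvss:
                        findings.append({
                            "deployment": f"{dep.get('namespace')}/{dep.get('name')}",
                            "image": (image.get("name") or {}).get("fullName"),
                            "component": f"{comp.get('name')} {comp.get('version')}",
                            "cve": vuln.get("cve"), "cvss": score,
                            "fixed_by": vuln["fixedBy"]})
    return sorted(findings, key=lambda f: -f["cvss"]), skipped


if __name__ == "__main__":
    for f in fixable_findings(SAMPLE.splitlines())[0]:
        print(f["cvss"], f["cve"], f["deployment"], f["component"], "->", f["fixed_by"])
```

To process real output, pipe the curl command into a script that calls fixable_findings(sys.stdin); a non-zero skipped count means the stream was cut or contained unexpected lines, so the result may be incomplete.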

Best Practices

  • Use filters and exception management to focus on relevant vulnerabilities.
  • Regularly review deferred and false positive CVEs.
  • Integrate exported data with external tools for compliance and reporting.
  • Keep Alauda Container Security and scanners up to date.

Summary

Alauda Container Security provides a robust platform for vulnerability discovery, prioritization, remediation, exception management, and data export. By following the structured procedures and best practices in this document, you can effectively manage container and cluster security risks in your environment.