Vulnerability Reporting

Alauda Container Security allows you to create, schedule, and download on-demand image vulnerability reports from the Vulnerability Management > Vulnerability Reporting menu. These reports provide a comprehensive list of vulnerabilities (CVEs) in images and deployments (user workloads).

You can share these reports with auditors or internal stakeholders by scheduling email delivery or downloading and distributing the report manually. Scheduled communications help keep key stakeholders informed about the vulnerability status of your environment.

Planning Vulnerability Reports

When planning scheduled vulnerability reports, consider:

  • What schedule is most effective for your stakeholders?
  • Who is the audience?
  • Should the report include only specific severity levels?
  • Should the report include only fixable vulnerabilities?

Alauda Container Security guides you through creating a vulnerability report configuration, which determines the content and schedule of each report.

Creating a Vulnerability Report

Steps

  1. In the Alauda Container Security portal, go to Vulnerability Management > Vulnerability Reporting.
  2. Click Create report.
  3. On the Configure report parameters page, provide:
    • Report name: Name for your report configuration.
    • Report description: (Optional) Description of the report.
    • CVE severity: Select the severity levels to include.
    • CVE status: Select one or more statuses (Fixable, Unfixable).
    • Image type: Select one or more types (Deployed images, Watched images).
    • CVEs discovered since: Select the time period for included CVEs.
    • (Optional) Include NVD CVSS: Add the NVD CVSS column to the report.
    • Configure collection included: Select or create at least one collection to include. You can view, edit, or preview collections.

Note For more about collections, see "Creating and using deployment collections".

  4. Click Next to configure delivery destinations and a schedule. This step is optional unless you selected to include CVEs discovered since the last scheduled report.

Configuring Delivery Destinations and Schedule

  1. In Configure delivery destinations, add a destination and set up a schedule.
  2. To email reports, configure at least one email notifier. Select an existing notifier or create a new one. Default recipients appear in the Distribution list; you can add more addresses separated by commas.
  3. Edit the default email template if needed:
    1. Click the edit icon and customize the subject and body in the Edit tab.
    2. Preview your template in the Preview tab.
    3. Click Apply to save changes.

    Note When reviewing report jobs, you can see whether the default or a custom template was used.

  4. In Configure schedule, select the frequency and day of the week.
  5. Click Next to review and finish creating the report configuration.

Reviewing and Creating the Report Configuration

  1. In the Review and create section, review all configuration parameters, delivery destination, email template, schedule, and format. Click Back to edit any field.
  2. Click Create to save the configuration.

Access Control and Permissions

  • You can only view, create, and download reports for data your user account has permission to access.
  • You can only download reports you have generated; you cannot download reports generated by others.
  • If your access permissions change, old reports do not reflect the new permissions. To view new data, create a new report.

Editing and Managing Report Configurations

You can edit, clone, or delete report configurations as needed.

Editing a Report Configuration

  1. In Vulnerability Management > Vulnerability Reporting, locate the report configuration.
  2. Click the overflow menu (three dots) and select Edit report, or click the report name, then Actions > Edit report.
  3. Make changes and save.

Cloning a Report Configuration

  1. In the list, click Clone report for the desired configuration.
  2. Modify parameters and destinations as needed.
  3. Click Create.

Deleting a Report Configuration

  1. In the list, click the overflow menu for the configuration and select Delete report.

Note Deleting a configuration also deletes all reports previously run using it.

Generating and Downloading Reports

You can generate and download on-demand vulnerability reports.

Steps

  1. In Vulnerability Management > Vulnerability Reporting, locate the desired configuration.
  2. Generate the report:
    • From the list: Click the overflow menu and select Generate download. The status appears in My active job status. When processing is complete, the report is ready for download.
    • From the report window: Click the report name, then Actions > Generate download.
  3. To download, open the report configuration, click All report jobs, and click the Ready for download link in the Status column. The report is a .csv file compressed as .zip.

Note You can only download reports you have generated.
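
The following added example (not part of the product or its documentation) shows one way to triage a downloaded report: it reads the .csv directly from the .zip without extracting it to disk and counts distinct CVEs per severity and fixable status. The column headers (CVE, Severity, Fixable), the size limit, and the sample rows are assumptions; check them against the header row of your own report.

```python
import csv
import io
import zipfile
from collections import Counter

# Assumed column headers; adjust to match the header row of your report.
CVE_COL, SEVERITY_COL, FIXABLE_COL = "CVE", "Severity", "Fixable"
MAX_CSV_BYTES = 50 * 1024 * 1024  # assumed limit; refuse unexpectedly large members


def read_report_rows(zip_bytes):
    """Return the CSV rows of a report archive, read in memory only."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        members = [m for m in archive.infolist()
                   if m.filename.lower().endswith(".csv")]
        if len(members) != 1:
            raise ValueError("expected exactly one .csv member")
        if members[0].file_size > MAX_CSV_BYTES:
            raise ValueError("CSV member larger than expected")
        text = archive.read(members[0]).decode("utf-8-sig")
    return list(csv.DictReader(io.StringIO(text)))


def summarize(rows):
    """Count distinct CVEs per (severity, fixable) pair."""
    seen, counts = set(), Counter()
    for row in rows:
        key = (row[CVE_COL], row[SEVERITY_COL], row[FIXABLE_COL])
        if key not in seen:  # the same CVE can appear once per deployment
            seen.add(key)
            counts[(row[SEVERITY_COL], row[FIXABLE_COL])] += 1
    return counts


def build_sample_zip():
    """Constructed sample report with placeholder CVE ids, not real data."""
    sample = (
        "Deployment,Image,CVE,Fixable,Severity\n"
        "web,registry.example/web:1,CVE-0000-0001,true,CRITICAL\n"
        "api,registry.example/api:2,CVE-0000-0001,true,CRITICAL\n"
        "api,registry.example/api:2,CVE-0000-0002,false,LOW\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("report.csv", sample)
    return buf.getvalue()


if __name__ == "__main__":
    rows = read_report_rows(build_sample_zip())
    for (severity, fixable), n in sorted(summarize(rows).items()):
        print(f"{severity:10} fixable={fixable:5} distinct CVEs: {n}")
```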

Sending Reports Immediately

You can send a report immediately instead of waiting for the scheduled time.

  1. In Vulnerability Management > Vulnerability Reporting, locate the configuration.
  2. Click the overflow menu and select Send report now.

Report Retention and Expiry Settings

You can configure how long report jobs and downloadable files are retained.

  1. In Platform Configuration > System Configuration, set:
    • Vulnerability report run history retention: Number of days to keep report job records.
    • Prepared downloadable vulnerability reports retention days: Number of days downloadable reports are available.
    • Prepared downloadable vulnerability reports limit: Maximum space (MB) for downloadable reports; oldest jobs are removed when the limit is reached.
  2. Click Edit to change values, then Save.

Note These settings do not affect jobs in WAITING or PREPARING state, the last successful scheduled/on-demand/emailed/downloaded job, or jobs not yet deleted manually or by pruning.