Alauda Container Security

Evaluating Security Risks

Alauda Container Security assesses and ranks your deployments by security risk, highlighting vulnerabilities, configurations, and runtime activities needing attention.

TOC

Risk View

The Risk view lists all deployments, sorted by a multi-factor risk metric (policy violations, image contents, configuration, etc.). Deployments at the top are the most at risk.

Each deployment shows:

  • Name
  • Created
  • Cluster
  • Namespace
  • Priority

Features:

  • Sort and filter violations
  • Create new policies from filtered results

To see more details, select a deployment.

Creating Policies from Risk View

You can create security policies based on your filters in the Risk view.

Steps:

  1. Go to Risk in the portal.
  2. Apply filters.
  3. Click New Policy and fill required fields.

Note: Only Cluster, Namespace, Deployment, and Label filters are converted to policy scopes. Other filters may be dropped or modified.

Filter Mapping Table

Search AttributePolicy Criteria
Add CapabilitiesAdd Capabilities
AnnotationDisallowed Annotation
CPU Cores LimitContainer CPU Limit
CPU Cores RequestContainer CPU Request
CVECVE
CVE Published On✕ Dropped
CVE Snoozed✕ Dropped
CVSSCVSS
Cluster⟳ Converted to scope
ComponentImage Component (name)
Component VersionImage Component (version)
Deployment⟳ Converted to scope
Deployment Type✕ Dropped
Dockerfile Instruction KeywordDockerfile Line (key)
Dockerfile Instruction ValueDockerfile Line (value)
Drop Capabilities✕ Dropped
Environment KeyEnvironment Variable (key)
Environment ValueEnvironment Variable (value)
Environment Variable SourceEnvironment Variable (source)
Exposed Node Port✕ Dropped
Exposing Service✕ Dropped
Exposing Service Port✕ Dropped
Exposure LevelPort Exposure
External Hostname✕ Dropped
External IP✕ Dropped
Image✕ Dropped
Image Command✕ Dropped
Image Created TimeDays since image was created
Image Entrypoint✕ Dropped
Image LabelDisallowed Image Label
Image OSImage OS
Image Pull Secret✕ Dropped
Image RegistryImage Registry
Image RemoteImage Remote
Image Scan TimeDays since image was last scanned
Image TagImage Tag
Image Top CVSS✕ Dropped
Image User✕ Dropped
Image Volumes✕ Dropped
Label⟳ Converted to scope
Max Exposure Level✕ Dropped
Memory Limit (MB)Container Memory Limit
Memory Request (MB)Container Memory Request
Namespace⟳ Converted to scope
Namespace ID✕ Dropped
Pod Label✕ Dropped
PortPort
Port ProtocolProtocol
Priority✕ Dropped
PrivilegedPrivileged
Process AncestorProcess Ancestor
Process ArgumentsProcess Arguments
Process NameProcess Name
Process Path✕ Dropped
Process Tag✕ Dropped
Process UIDProcess UID
Read Only Root FilesystemRead-Only Root Filesystem
Secret✕ Dropped
Secret Path✕ Dropped
Service Account✕ Dropped
Service Account Permission LevelMinimum RBAC Permission Level
Toleration Key✕ Dropped
Toleration Value✕ Dropped
Volume DestinationVolume Destination
Volume NameVolume Name
Volume ReadOnlyWritable Volume
Volume SourceVolume Source
Volume TypeVolume Type

Scope Conversion Example: Filtering by Cluster:A,B and Namespace:Z creates:

  • (Cluster=A AND Namespace=Z)
  • (Cluster=B AND Namespace=Z)

Risk Details Panel

Selecting a deployment opens the Risk Details panel with multiple tabs.

Risk Indicators Tab

Shows:

  • Policy Violations
  • Suspicious Process Executions
  • Image Vulnerabilities
  • Service Configurations
  • Service Reachability
  • Components Useful for Attackers
  • Number of Components in Image
  • Image Freshness
  • RBAC Configuration

Only relevant sections are shown for the selected deployment.

Deployment Details Tab

Provides:

  • Deployment ID
  • Namespace
  • Updated (timestamp)
  • Deployment Type
  • Replicas
  • Labels
  • Cluster name
  • Annotations
  • Service Account

Container Configuration:

  • Image Name
  • Resources: CPU/Memory requests and limits
  • Mounts: Name, Source, Destination, Type
  • Secrets: Kubernetes secrets and X.509 certificate details

Security Context:

  • Privileged: true if privileged

Process Discovery Tab

Lists all binaries executed in each container, summarized by deployment:

  • Binary Name
  • Container
  • Arguments
  • Time (most recent)
  • Pod ID
  • UID

Use Process Name:<name> in the filter bar to search.

Event Timeline

The Event Timeline shows events for the selected deployment:

  • Process activities
  • Policy violations
  • Container restarts/terminations

Events appear as icons on a timeline. Hover for details. You can:

  • Show legend for event types
  • Export as PDF/CSV
  • Filter event types
  • Expand to see events per container

A minimap controls the visible range.

Notes:

  • On container restarts, up to 10 inactive instances per container are shown; process activities for previous instances are not tracked.
  • Only the most recent execution of each (process name, arguments, UID) per pod is shown.
  • Events are shown only for active pods.
  • Timestamps are adjusted for accuracy.