C-0085 - Workloads with excessive amount of vulnerabilities
Framework
Severity
Medium
Description of the the issue
Container images with multiple Critical and High sevirity vulnerabilities increase the risk of potential exploit. This control lists all such images according to the threashold provided by the customer.Note, this control is configurable. See below the details.
Related resources
Pod
What does this control test
This control enumerates workloads and checks if they have excessive amount of vulnerabilities in their container images. The threshold of “excessive number” is configurable.
Remediation
Update your workload images as soon as possible when fixes become available.
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Max Critical vulnerabilities
max_critical_vulnerabilities
The maximum number of Critical severity vulnerabilities permitted.
Max High vulnerabilities
max_high_vulnerabilities
The maximum number of High severity vulnerabilities permitted.
Example
@controls/examples/c85.yaml
Updated 3 months ago