C-0085 - Workloads with excessive amount of vulnerabilities

Framework

Severity

Medium

Description of the the issue

Container images with multiple Critical and High sevirity vulnerabilities increase the risk of potential exploit. This control lists all such images according to the threashold provided by the customer.Note, this control is configurable. See below the details.

Related resources

Pod

What does this control test

This control enumerates workloads and checks if they have excessive amount of vulnerabilities in their container images. The threshold of “excessive number” is configurable.

Remediation

Update your workload images as soon as possible when fixes become available.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

Max Critical vulnerabilities

max_critical_vulnerabilities
The maximum number of Critical severity vulnerabilities permitted.

Max High vulnerabilities

max_high_vulnerabilities
The maximum number of High severity vulnerabilities permitted.

Example

@controls/examples/c85.yaml