C-0085 - Workloads with excessive amount of vulnerabilities

Workloads with excessive amount of vulnerabilities

Framework

AllControls, YAML-scanning, ArmoBest

Severity

Medium

Description of the the issue

Container images with multiple Critical and High sevirity vulnerabilities increase the risk of potential exploit. This control lists all such images according to the threashold provided by the customer.Note, this control is configurable. See below the details.

Related resources

Pod

What does this control test

This control enumerates workloads and checks if they have excessive amount of vulnerabilities in their container images. The threshold of “excessive number” is configurable.

Remediation

Update your workload images as soon as possible when fixes become available.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

Max critical vulnerabilities

max_critical_vulnerabilities
Maximum amount of allowed critical risk vulnerabilities

Max high vulnerabilities

max_high_vulnerabilities
Maximum amount of allowed high risk vulnerabilities

Example

@controls/examples/c85.yaml

Did this page help you?