The Vulnerabilities section displays all the common vulnerabilities and exposures (CVE) found in workloads running in your clusters. You can view high-level information at a glance, such as the number of CVEs found per severity level, the workload, and the image tag.

You can drill-down for more information about the failed workloads. Click a workload to open the list of CVEs identified on that workload. ARMO Platform provides remediation suggestions for identified CVEs, if available, and links to more information about the CVE.

Filter CVEs

You can filter controls by severity using the severity tiles at the top of the page. Click a tile to filter by that severity, and click a second time to remove the filter.

You can further filter CVEs by clicking + Add filter. We include a filter for fixable CVEs and for remote code execution (RCE) CVEs. You can also filter by CVE name or reorder the list of failed workloads by clicking the arrows in the table.

View failed workloads

Click a workload to view the CVEs that were identified on the workload. By default, failed CVEs are ordered by severity. Click the name of the CVE to go to the relevant site for more information.

If a fix exists, the Fixable column has a Yes, and the Fix in version column has an entry. CVEs are frequently fixed when you upgrade the resource to a later version.

Accepting a Risk

If your organization determines the CVE is an acceptable risk, you can accept the risk for that CVE by clicking Ignore. See Risk acceptance for vulnerabilities for more information.