Managing Container Images
Feature availability notice
Rapid7 no longer offers Container Security for new InsightVM customers. This feature is available to eligible InsightVM users only. If interested in this feature, see our Cloud Risk Complete offering.
You can view information about your container images and their associated repositories on the Container listing table. Additionally, you can view details for specific images and repositories, assess images, and manage other container registry connections.
Selecting an image ID
If you cannot select an image ID, you may need to add a registry connection.
Viewing image details
You can view the images in your environment, public and private, on the Images page. Image details include the Registry, ID, Created date, Layers, Operating System, Size, Format, and Tags. You can also click a row in this view to open a panel that displays vulnerabilities information for an image.
Use the "Containers > Images" view to see your image details.
To view image details:
- Click the Containers icon to open the Images view.
- Click an item in the ID column. The Images Details panel and the related views are displayed.
Image details filters
- The Packages filter displays information about the software packages that are contained in the image and the current aggregated status. Click a row in this view to open a panel that displays Vulnerabilities, including Vulnerability Name, Published On date, and Risk Score.
- The repository name takes you to the image listing of that repository, including Tags, Risk Score, Vulnerabilities, OS, Packages, Layers, Size, and Created On date. You can also assess images or synchronize repositories.
- The Layers filter displays a history of revisions to an image, displayed in the order that the change is made. You cannot modify the original image, so when a changes is made, a new image ID is created. If a layer does not display any vulnerability information, it means that that the new layer did not require any package changes. Click a row in this filter to open a panel that displays Basic Information, Vulnerabilities, and the Commands added to the associated layer.
- The Vulnerabilities section displays information about the vulnerabilities for this image. Click a row in this filter to open a panel that displays Basic Information, including a Description of the vulnerability, Categories, and CVSS.
- The Hosts filter displays lets you view and manage the hosts that deployed this image. Click a row in this filter to display Asset Details for this host.
Additional compliance functionality
Assessing an image
The system assesses images for vulnerabilities and updates the images when the scan is done. Images that are not attached to a container in your environment or repository are not accessible. We recommended adding a registry connection to allow InsightVM to pull the image. Additionally, you can manually upload the image using the output of the docker save command.
To assess an image, click Containers > Assess.
To reassess an image, click Containers and select the image you want to reassess. Then, click Reassess Image.
Windows images are unsupported
Microsoft Windows based images are not currently supported. Detailed information and assessment results for these images will not be available.
Registries store repositories. Repositories contain images. You can view all of your repositories from supported registries, public and private, on the Repositories tab. You can filter the information and click on any line to view basic information, tags, and images.
When viewing a specific repository, you can view information about the Registry, ID, Vulnerabilities, OS/Version, Layers, Size, Image Format, and Created On date. You can also manage connections and assess a repository on this page.
To view repository details, click Containers > Repositories. Click on the item you want to see details on.