Managing Container Images

The Container details view displays information about all of your container images and their associated repositories. You can also view details for specific images and repositories, assess images when necessary, and manage container registry connections.

Selecting an image ID

If you cannot select an image ID, you may need to add a registry connection.

The images details default to the Images view which displays all of the public and private Container images in your environment. Additionally, you can click the Assessed filter to view status or the Not Assessed filter to view images that were not assessed. If an image is not assessed, the Assess button is available.

The Images view, and the Assessed and Not Assessed filters display the following information:

  • ID - Displays the image ID.
    • Repository - Displays the name of the Repository where the image resides.
  • Tags - Displays the tags associated with this image. Note that only up to four tags will display. Additional tags will not display.
  • Risk Score - Displays the image calculated risk score. See the Risk Scoring FAQ for more information.
  • Vulnerabilities - Displays the number of known vulnerabilities for this image. The options are Moderate, Severe, or Critical. Hover over the number in this column to see the breakdown of these vulnerabilities.
  • Critical, Severe, and Moderate - Displays the vulnerability breakdown for the selected image. These are the same numbers that appear if you hover over an item in the Vulnerabilities column.
  • Operating System - Displays the operating system on which the image is based.
  • Hosts - Displays the number of hosts that are running on this image.
  • Packages - The number of installed system packages and software.
  • Size - Displays the size of this image.
  • Created On - Displays the date on which the image was created.
  • Assessment Status - Displays the assessed status for an image. If this column is blank for an image, the assessment is complete. If an Assess button appears, the image is not yet assessed. Press to begin assessing the image. A spinner appears while the assessment is in progress.

NOTE

The assessment status column doesn’t have a header and is located on the far right of the table.

Viewing image details

Use the "Containers > Images" view to view image details.

To view image details:

  1. Click the Containers icon. The Container details page opens to the Images view.
  2. Click an item in the ID column. The Image Details view opens to display the Images Details panel and the related views.

Image details include the Registry, ID, Created date, Layers, Operating System, Size, Format, and Tags. You can also click a row in this view to open a panel that displays vulnerabilities information for an image.

Additionally, you can view the following filters:

  • The Packages filter displays information about the software packages that are contained in the image and the current aggregated status. Click a row in this view to open a panel that displays Vulnerabilities, including Vulnerability Name, Published On date, and Risk Score.
  • The filter that displays the repository name displays repository details, including Tags, Risk Score, Vulnerabilities, OS, Packages, Layers, Size, and Created On date. If necessary, you can also Assess a repository in this view.
  • The Layers filter displays a history of revisions to an image, displayed in the order that the change is made. You cannot modify the original image, so when a changes is made, a new image ID is created. If a layer does not display any vulnerability information, it means that that the new layer did not require any package changes. Click a row in this filter to open a panel that displays Basic Information, Vulnerabilities, and the Commands added to the associated layer.
  • The Vulnerabilities filter displays information about the vulnerabilities for this image. Click a row in this filter to open a panel that displays Basic Information, including a Description of the vulnerability, Categories, and CVSS.
  • The Hosts filter displays lets you view and manage the hosts that deployed this image. Click a row in this filter to display Asset Details for this host.

Additional compliance functionality

If your selected image has been assessed with the CI/CD plugin, the Build Compliance tab will be available from the “Image Details” screen. See the Container Builds Interface page to learn more.

Assessing an image

If the image is accessible, the system will assess it for vulnerabilities and update when the scan is done. If the image is not accessible, a window appears. You'll need to add a registry connection to allow InsightVM to pull the image (recommended), or manually upload the image using the output of the docker save command.

NOTE

You can't view images that are not attached to a container in your environment or repository, so the window is only accessible from a container.

You may need to assess an image if it is in a private repository and a registry connection is not configured to allow access to it. You can also reassess an image if necessary. Note: The Assess button only appears if an image has not been assessed.

To assess an image:

  1. Click the Containers icon.
  2. Click the Assess button located in the Assessment column.

Microsoft Windows based images are not currently supported. Detailed information and assessment results for these images will not be available.

Reassessing an image

To reassess an image:

  1. Click the Containers icon.
  2. In the ID or Tags column , click the image that you want to reassess.
  3. Click the Reassess Image button located on the "Image Details" view.

If the image is accessible, the system will assess it for vulnerabilities and update when the scan is done. If the image is not accessible, a window appears. You'll need to add a registry connection to allow InsightVM to pull the image.

Viewing repositories

Use the Repositories view to display all of your repositories, both public and private, from the supported registries. Registries store repositories; repositories contain images. Click a specific registry filter to view registries by vendor. You can also click any line in this view to open a panel that displays Basic Information, Tags, and Images.

The Repositories view and individual repository filters share the following information:

  • Repository - The name of the repository.
  • Description - A description of the repository.
  • Tags - The tags associated with this repository. You can click a tag to view details about the the images in its repository.
  • Vendor - The vendor associated with this repository.

Viewing repository details

Repository details include information about the Registry, ID, Vulnerabilities, OS/Version, Layers, Size, Image Format, and Created On date. You can also manage connections and assess a repository, if necessary.

The Repositories Details view displays the following information:

  • ID - Displays the repository ID.
  • Tags - Displays the tags associated with this repository.
  • Risk Score - Displays the calculated risk score. See the Risk Scoring FAQ for more information.
  • Vulnerabilities - Displays the number of known vulnerabilities for this repository. The options are Moderate, Severe, or Critical. Hover over the number in this column to see the breakdown of these vulnerabilities.
  • Critical, Severe, and Moderate - Displays the vulnerability breakdown for the selected repository. These are the same numbers that appear if you hover over an item in the vulnerability column.
  • Operating System - Displays the operating system on which the repository is running.
  • Hosts - Displays the number of active hosts for this image.
  • Packages - The number of installed system packages and software.
  • Size - Displays the size of this repository.
  • Created On - Displays the date on which the repository was created.
  • Assessment - Displays the assessed status for a repository. If there is an Assess button, click it to assess this repository.

To view repository details:

  1. Click the Containers icon.
  2. Click Repositories. The Repository Details view opens.
  3. Click an item in the Repository column to see the details.