Working with Containers

In InsightVM, a container represents a software application and can contain all of the necessary code, run-time, system tools, and libraries needed to run the application.

Using containers to manage application deployment is a rapidly growing technology, but container images can have some risk. InsightVM provides visibility into vulnerabilities and risks associated with the components and layers of a container.

InsightVM allows you to:

  • Discover which assets are acting as container hosts in your environment.
  • Increase visibility into where your container hosts live so you can manage container issues.
  • Identify your running or stopped containers.
  • Identify container hosts that do not comply with the CIS benchmarks for common operating systems or with the official Docker CIS benchmark.
  • Provide visibility into the risk associated with the packages and layers of a container image.
  • Perform vulnerability assessment on the container image as it is built and deployed.

Enumeration Support

Container enumeration is only supported on Linux.


Supported registries

A registry can contain one or more repositories. These repositories contain groups of container images. InsightVM supports the following registries:

  • Amazon EC2 Container Registry (ECR)
  • Azure Container Registry
  • Docker Hub
  • Privately Hosted Docker Registry
  • Google Container Registry (GCR)
  • Quay.io

NOTE

InsightVM can connect to other registries as long as they implement the proper Docker Registry protocol. If your desired registry is not listed here, confirm that it is compatible with Docker Registry HTTP API V2 before creating a connection.
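One way to confirm V2 compatibility before creating the connection is to probe the registry's /v2/ endpoint, which the Docker Registry HTTP API V2 specification requires every compatible registry to expose. The check below is an added example, not InsightVM code or part of this documentation; the registry hostname is an assumption, and the classifier is separated out so it can be exercised without network access.

```python
"""Probe a registry for Docker Registry HTTP API V2 support (added example)."""
import urllib.error
import urllib.request


def classify_v2_response(status: int, headers: dict) -> tuple[bool, str]:
    """Return (compatible, reason) for the answer to GET /v2/.

    Per the V2 spec: 200 means the endpoint is open, 401 means it exists but
    requires credentials (WWW-Authenticate names the scheme), 404 means the
    registry does not implement V2. A V2 registry should also send the
    Docker-Distribution-API-Version: registry/2.0 header.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    version = hdrs.get("docker-distribution-api-version", "")
    if status == 200:
        if version.startswith("registry/2.0"):
            return True, "V2 endpoint reachable without authentication"
        return True, "V2 endpoint answered 200 but omitted the API-Version header"
    if status == 401:
        challenge = hdrs.get("www-authenticate", "").lower()
        if challenge.startswith("bearer"):
            return True, "V2 endpoint present; token (Bearer) authentication required"
        if challenge.startswith("basic"):
            return True, "V2 endpoint present; HTTP Basic authentication required"
        return False, "401 without a usable WWW-Authenticate challenge"
    if status == 404:
        return False, "/v2/ not found: registry does not implement the V2 API"
    return False, f"unexpected HTTP status {status}"


def probe_registry(base_url: str, timeout: float = 10.0) -> tuple[bool, str]:
    """Send GET <base_url>/v2/ and classify the reply (needs network access)."""
    url = base_url.rstrip("/") + "/v2/"
    req = urllib.request.Request(url, headers={"User-Agent": "registry-v2-probe"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_v2_response(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        # 401 and 404 arrive as exceptions; their headers are still available
        return classify_v2_response(err.code, dict(err.headers))
    except (urllib.error.URLError, OSError) as err:
        return False, f"could not reach {url}: {err}"


if __name__ == "__main__":
    # Hypothetical private registry hostname; replace with your own
    ok, reason = probe_registry("https://registry.example.internal")
    print("compatible" if ok else "not compatible", "-", reason)
```

A 401 with a Bearer or Basic challenge is the normal answer from a private registry and still means the V2 API is present; only a 404 or an unreachable host rules the registry out.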

Discovering containers

Containers in your environment are synced during the scanning process. This allows you to see where your hosts live and manage containers as necessary.

Use the Asset details page to view your containers.

NOTE

The user credentials configured in your site configuration must have the necessary elevated privileges in order for the scan to run the commands that discover containers. You can ensure that these privileges are in place by configuring your scan with one of the following options:

  • Scan with the root user
  • Scan with privilege escalation using sudo, su, sudo+su, and others
  • Add the scan user to the container group, such as a Docker group

Searching for containers

Use the Filtered Asset Search to search for containers. You can also search by container status and container image.

You can also search for specific container images and repositories using the query search. To access this search field, click the Containers icon, and then open the Images Details page or the Repositories view.

Viewing containers

The Container dashboard provides a quick view of all container host assets, along with lists of commonly deployed images and of assets sorted by the number of running containers.

To view the Container dashboard, click on the Dashboard dropdown and select the dashboard you want to view.

Container dashboard default cards

  • Most Commonly Deployed Images - Displays the container images that are used the most.
  • Image Assessment - Displays the percentage of images that were assessed for vulnerabilities.
  • Container Hosts - Displays the number of assets that have the Docker software installed and can run containers, but may not be deployed.
  • Assets with Deployed Containers - Displays the number of active assets that have containers deployed and running.
  • Most Vulnerable Images - Displays container images that have the most vulnerabilities of the total scanned.

Viewing the Container dashboard for the first time

If this is the first time you are viewing the Container dashboard, go to the Rapid7 Recommends These Dashboard Templates area, click Containers Dashboard, give the dashboard a name and description, and click OK.