TOC & Recently Viewed

Recently Viewed Topics

Risk Metrics

Tenable.io Container Security uses the metrics described below to categorize your images and containers on the Tenable.io Container Security dashboard.

Image Risk

Tenable.io Container Security assigns all vulnerabilities in an image a static severity category based on the vulnerability's CVSSv2 score.

Tenable.io Container Security designates severity for each vulnerability using the categories described below.

Severity

Description
Critical

The vulnerability's CVSSv2 score is between 9.0 and 10.0.

High The vulnerability's CVSSv2 score is between 7.0 and 8.9.
Medium The vulnerability's CVSSv2 score is between 4.0 and 6.9.
Low

The vulnerability's CVSSv2 score is between 0.1 and 3.9.

Unscored

Tenable.io Container Security has not yet determined the vulnerability's risk score.

Container Risk

Tenable.io Container Security calculates a container's overall risk score by determining which vulnerability on the container has the highest CVSSv2 score, then rounding that score to the nearest whole number.

For example, if the highest risk score for a vulnerability on a container is 9.2, Tenable.io Container Security assigns the entire container a risk score of 9.

Tenable.io Container Security designates risk for each container using the categories described below.

Category Description
Unscanned The container was created from an image that Tenable.io Container Security has never scanned for vulnerabilities.
Low/Medium Risk Tenable.io Container Security scanned the image and container and assigned a risk score of 0–7.
High Risk Tenable.io Container Security scanned the image and container and assigned a risk score of 8–10.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.