Risk Metrics in Container Security
The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
Tenable.io Container Security uses the metrics described in the following topic to categorize your images and containers on the Tenable.io Container Security dashboard.
Tenable.io Container Security assigns all vulnerabilities in an image a static severity category based on the vulnerability's CVSSv2 score.
Severity | Description |
---|---|
Critical | The vulnerability's CVSSv2 score is between 9.0 and 10.0. |
High | The vulnerability's CVSSv2 score is between 7.0 and 8.9. |
Medium | The vulnerability's CVSSv2 score is between 4.0 and 6.9. |
Low | The vulnerability's CVSSv2 score is between 0.1 and 3.9. |
Unscored | Tenable.io Container Security has not yet determined the vulnerability's risk score. |
Tenable.io Container Security calculates a container's overall risk score by determining which vulnerability on the container has the highest CVSSv2 score, then rounding that score to the nearest whole number.
For example, if the highest risk score for a vulnerability on a container is 9.2, Tenable.io Container Security assigns the entire container a risk score of 9.
Category | Description |
---|---|
Unscanned | The container was created from an image that Tenable.io Container Security has never scanned for vulnerabilities. |
Low/Medium Risk | Tenable.io Container Security scanned the image and container and assigned a risk score of 0–7. |
High Risk | Tenable.io Container Security scanned the image and container and assigned a risk score of 8–10. |
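
The two tables combine in a way worth checking during triage: a container whose worst finding scores 7.0 to 7.4 carries a High severity vulnerability, yet its rounded risk score of 7 places it in Low/Medium Risk. The following Python sketch is an added example, not Tenable code, that applies the rules above and lists such findings. The function names are hypothetical, and two behaviors the page does not specify are assumptions: scores ending in .5 round up, and a scanned container with no scored vulnerabilities gets a risk score of 0.

```python
from decimal import Decimal, ROUND_HALF_UP

# Severity bands from the table on this page: (low, high, label), inclusive.
BANDS = [("9.0", "10.0", "Critical"), ("7.0", "8.9", "High"),
         ("4.0", "6.9", "Medium"), ("0.1", "3.9", "Low")]

def severity(cvss2):
    """Severity of one vulnerability; None means no score has been determined."""
    if cvss2 is None:
        return "Unscored"
    score = Decimal(str(cvss2))
    for low, high, label in BANDS:
        if Decimal(low) <= score <= Decimal(high):
            return label
    raise ValueError(f"CVSSv2 score outside the documented bands: {cvss2}")

def container_risk_score(cvss2_scores):
    """Highest CVSSv2 score on the container, rounded to a whole number."""
    scored = [Decimal(str(s)) for s in cvss2_scores if s is not None]
    if not scored:
        return 0  # assumption: no scored vulnerabilities yields 0
    # Assumption: x.5 rounds up; the page only says "nearest whole number".
    return int(max(scored).quantize(Decimal("1"), rounding=ROUND_HALF_UP))

def container_category(cvss2_scores, image_scanned=True):
    """Dashboard category: Unscanned, Low/Medium Risk (0-7) or High Risk (8-10)."""
    if not image_scanned:
        return "Unscanned"
    return "High Risk" if container_risk_score(cvss2_scores) >= 8 else "Low/Medium Risk"

def high_findings_below_high_risk(cvss2_scores):
    """High-severity findings on a container that is not categorized High Risk."""
    if container_category(cvss2_scores) == "High Risk":
        return []
    return [s for s in cvss2_scores if severity(s) == "High"]

if __name__ == "__main__":
    # Constructed sample data: container name -> CVSSv2 scores of its findings.
    fleet = {"web": [9.2, 4.3], "cache": [7.4, 5.0, None], "batch": [7.5, 2.1]}
    for name, scores in fleet.items():
        print(name, container_risk_score(scores), container_category(scores),
              high_findings_below_high_risk(scores))
```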