View Container Details

The following feature is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Moderate Product Offering.

Required Additional License: Tenable Container Security

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

A container is a running instance of an image. You create containers from an image each time you run the image on your application. You can create multiple containers from a single image, and you can change those containers without affecting the image from which you created them.

After you perform a credentialed Tenable Nessus scan on your system, Tenable Container Security uses the scan results to identify images and containers and analyze each container for risk.

Tenable Container Security then shows the containers by scan status and risk level in the Identified Containers widget on the Tenable Container Security dashboard based on the results of the most recent scan.

Note: Tenable Container Security identifies and analyzes only the images and containers found via credentialed Tenable Nessus scans.

Note: Tenable Container Security imports and rescans your images at regular intervals, beginning when you first import and scan the images.

Before you begin:

  • If Tenable Container Security has not yet scanned the source image used to create the container you want to analyze, use one of the following methods to import the image for scanning:

  • Run a Tenable Nessus scan on the network where your containers run, selecting the Basic Network Scan template and providing your network authentication credentials. For more information about Tenable Nessus scan templates, see Scan and Policy Templates in the Tenable Nessus User Guide.

    Note: Tenable Container Security imports data from Tenable Nessus to determine if there have ever been any changes made to files on the container. If Tenable Nessus detects file changes, Tenable recommends that you check your images and repositories and confirm that no one has accessed them without authorization.

    Tip: Alternatively, you can run a Tenable Nessus Agent scan on the network where the container runs. For more information, see the Tenable Nessus Agent User Guide.

To view container details:

  1. In the Container Security dashboard, find the Identified Containers widget. This widget categorizes your containers by risk and scan status.

    Note: For information about how Tenable Container Security calculates container risk, see Container Risk.

  2. Click the Identified Containers widget.
    The Identified Containers page appears. The identified containers table lists all the containers created from images scanned by Tenable Container Security.
  3. In the identified containers table, you can:

    • Filter the identified containers table.
    • Search the identified containers table.
    • View the summary for your identified containers in the identified containers table.

      Column Description
      Container ID

      The ID that the software your container runs on assigned to the container.

      Repository/Image:Tag

      The repository name, image name, and image tag (for example, latest).

      Risk Score

      The risk score on a scale of 1-10.

      Scan Status

      Indicates whether Tenable Container Security has scanned the container's source image.

      • Check mark: Tenable Container Security has scanned the source image.
      • Warning: Tenable Container Security has never scanned the source image.

        Note: When you initiate an image import, Tenable Container Security immediately queues the image to scan. However, Tenable Container Security does not always complete the scan immediately. To prevent undetected vulnerabilities, Tenable recommends that you confirm any images marked as not scanned are imported for scanning.

      File Changed

      Indicates whether the Tenable Nessus scan detected any changes to container files.

      Note: If Tenable Vulnerability Management detects any file changes, Tenable recommends that you check your images and repositories and confirm that no one has accessed them without authorization.

      • Check mark: Tenable Nessus did not detect file changes during its scan.
      • Warning: Tenable Nessus detected file changes during its scan.

      Vulnerabilities

      The number of vulnerabilities detected in the container.

      Malware

      The number of malware items detected in the container.

      Host IP

      The IP address for the server where the container runs.

    • View details for a specific container.
      1. In the identified containers table, click the row for the container you want to view.
        The identified containers details page appears.
      2. On the identified containers details page, you can:

        Tab Action
        Vulnerabilities
        • View details for each vulnerability identified in the image your identified container links to:
          • In the Severity column, view the severity rating Tenable Container Security assigned the image.

            Note: For information about how Tenable Container Security determines image risk, see Image Risk.

          • In the Exposure ID column, view the vulnerability's ID.

            Note: The authority that identifies a given vulnerability determines the vulnerability’s ID format.

          • In the Risk Score column, view the CVSSv2 score.
          • In the Release Date column, view the date when the software on which the container runs released the vulnerability.
        • Click a row in the vulnerabilities table.

          The vulnerability details plane appears, containing details and remediation recommendations for the vulnerability.

        Malware
        • View details about malware detected in the identified container:
          • In the Infected File column, view the name of each infected file as it appears on the container.
          • In the Risk Score column, view the CVSSv2 score for each infected file.
        Images
        • View details about the image your container links to.
          • In the Image ID column, view the image ID.

            Note: The image ID automatically generates when the software that hosts your image (for example, Docker) creates the image.

          • In the Repository column, view the local repository where the image resides.
          • In the Image Name column, view the image name as it appears in the repository.
          • In the Tag column, view the tag associated with the image (for example, latest).
        • Click a row in the image table.

          The details page appears for the image your identified container links to. For information about the image details, see View Scan Results for Container Images.

        Package Inventory

        View details about the package in the image your identified container links to, including the package name, version, license, and type.
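
The File Changed column reports only that container files changed, not which ones. As a follow-up on the container host, this added shell example (not part of Tenable's documentation or tooling) triages `docker diff` output so that changes to binaries and configuration surface first. It assumes a Docker runtime; the path buckets, function names, and sample input are constructed for illustration.

```shell
# Added example: triage `docker diff` output for a container flagged "File Changed".
# docker diff prints one change per line: A (added), C (changed) or D (deleted), then the path.

# Path buckets are assumptions; adjust them to the workload.
classify_path() {
  case "$1" in
    /tmp|/tmp/*|/run|/run/*|/var/log|/var/log/*|/var/cache|/var/cache/*)
      echo EXPECTED ;;   # locations a healthy container normally writes to
    /bin|/bin/*|/sbin|/sbin/*|/lib|/lib/*|/usr/bin|/usr/bin/*|/usr/sbin|/usr/sbin/*|/usr/lib|/usr/lib/*|/etc|/etc/*|/root/.ssh|/root/.ssh/*)
      echo REVIEW ;;     # binaries, libraries, configuration, SSH keys
    *) echo INFO ;;
  esac
}

# Reads docker diff output on stdin and prints "<LEVEL> <kind> <path>".
# "C <dir>" lines that only mark the parent of another listed path are dropped.
triage_diff() {
  awk '
    NF { n++; kind[n] = $1; path[n] = substr($0, 3) }
    END {
      for (i = 1; i <= n; i++) {
        parent = 0
        if (kind[i] == "C")
          for (j = 1; j <= n; j++)
            if (index(path[j], path[i] "/") == 1) { parent = 1; break }
        if (!parent) print kind[i], path[i]
      }
    }' | while read -r kind path; do
      echo "$(classify_path "$path") $kind $path"
    done
}

# Number of findings at a given level (REVIEW, EXPECTED or INFO).
count_level() {
  triage_diff | awk -v level="$1" '$1 == level { n++ } END { print n + 0 }'
}

# Constructed sample input, not output from a real container.
SAMPLE_DIFF='C /etc
C /etc/passwd
C /usr/bin
A /usr/bin/helper
C /var/log
A /var/log/app.log
A /tmp/upload-1.tmp
D /app/config.yml'

printf '%s\n' "$SAMPLE_DIFF" | triage_diff
# Live use (requires Docker): docker diff <container-id> | triage_diff
```

REVIEW lines are the ones to compare against the source image and repository first; EXPECTED lines usually reflect normal runtime writes.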