Risk Metrics

Tenable.io Container Security uses the metrics described below to categorize your images and containers on the Tenable.io Container Security dashboard.

Image Risk

Tenable.io Container Security assigns all vulnerabilities in an image a static severity category based on the vulnerability's CVSSv2 score.

Tenable.io Container Security designates severity for each vulnerability using the categories described below.

| Severity | Description |
|---|---|
| Critical | The vulnerability's CVSSv2 score is between 9.0 and 10.0. |
| High | The vulnerability's CVSSv2 score is between 7.0 and 8.9. |
| Medium | The vulnerability's CVSSv2 score is between 4.0 and 6.9. |
| Low | The vulnerability's CVSSv2 score is between 0.1 and 3.9. |
| Unscored | Tenable.io Container Security has not yet determined the vulnerability's risk score. |

Container Risk

Tenable.io Container Security calculates a container's overall risk score by determining which vulnerability on the container has the highest CVSSv2 score, then rounding that score to the nearest whole number.

For example, if the highest risk score for a vulnerability on a container is 9.2, Tenable.io Container Security assigns the entire container a risk score of 9.

Tenable.io Container Security designates risk for each container using the categories described below.

| Category | Description |
|---|---|
| Unscanned | The container was created from an image that Tenable.io Container Security has never scanned for vulnerabilities. |
| Low/Medium Risk | Tenable.io Container Security scanned the image and container and assigned a risk score of 0–7. |
| High Risk | Tenable.io Container Security scanned the image and container and assigned a risk score of 8–10. |
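
The following Python sketch is an added example, not Tenable's code. It applies the image severity ranges and the container risk rule described above to constructed scores, and shows that a vulnerability rated High (7.0 to 7.4) still leaves its container in Low/Medium Risk after rounding. It assumes that halves round up, that unscored vulnerabilities are skipped, and that a scanned container with no scored vulnerabilities gets 0; the page specifies none of these, and the function names are hypothetical.

```python
from decimal import Decimal, ROUND_HALF_UP

# (lower bound, category) pairs taken from the image severity table, highest first.
SEVERITY_FLOORS = [
    (Decimal("9.0"), "Critical"),
    (Decimal("7.0"), "High"),
    (Decimal("4.0"), "Medium"),
    (Decimal("0.1"), "Low"),
]


def image_severity(cvss2):
    """Severity category for one vulnerability; None means not yet scored."""
    if cvss2 is None:
        return "Unscored"
    score = Decimal(str(cvss2))
    if not Decimal("0.1") <= score <= Decimal("10.0"):
        raise ValueError(f"no category is documented for CVSSv2 score {cvss2}")
    return next(name for floor, name in SEVERITY_FLOORS if score >= floor)


def container_risk(scanned, cvss2_scores):
    """Return (risk score, category) for a container.

    Assumptions (not stated on the page): halves round up, unscored
    vulnerabilities (None) are skipped, and no scored vulnerabilities gives 0.
    """
    if not scanned:
        return None, "Unscanned"
    scored = [Decimal(str(s)) for s in cvss2_scores if s is not None]
    highest = max(scored, default=Decimal("0"))
    # Decimal avoids float error and Python's round-half-to-even behaviour.
    risk = int(highest.quantize(Decimal("1"), rounding=ROUND_HALF_UP))
    return risk, "High Risk" if risk >= 8 else "Low/Medium Risk"


if __name__ == "__main__":
    # Constructed sample data: container name -> (scanned?, CVSSv2 scores).
    samples = {
        "web": (True, [9.2, 4.3]),
        "api": (True, [7.4, None]),
        "worker": (True, [7.5, 2.1]),
        "legacy": (False, []),
    }
    for name, (scanned, scores) in samples.items():
        print(name, [image_severity(s) for s in scores], container_risk(scanned, scores))
```
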