Risk Metrics in Tenable Container Security
The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
Tenable Container Security uses the metrics described in the following topic to categorize your images and containers on the Tenable Container Security dashboard.
Tenable Container Security assigns all vulnerabilities in an image a static severity category based on the vulnerability's CVSSv2 score.
|
Severity |
Description |
|---|---|
| Critical |
The vulnerability's CVSSv2 score is between 9.0 and 10.0. |
| High | The vulnerability's CVSSv2 score is between 7.0 and 8.9. |
| Medium | The vulnerability's CVSSv2 score is between 4.0 and 6.9. |
| Low |
The vulnerability's CVSSv2 score is between 0.1 and 3.9. |
| Unscored |
Tenable Container Security has not yet determined the vulnerability's risk score. |
Tenable Container Security calculates a container's overall risk score by determining which vulnerability on the container has the highest CVSSv2 score, then rounding that score to the nearest whole number.
For example, if the highest risk score for a vulnerability on a container is 9.2, Tenable Container Security assigns the entire container a risk score of 9.
| Category | Description |
|---|---|
| Unscanned | The container was created from an image that Tenable Container Security has never scanned for vulnerabilities. |
| Low/Medium Risk | Tenable Container Security scanned the image and container and assigned a risk score of 0–7. |
| High Risk | Tenable Container Security scanned the image and container and assigned a risk score of 8–10. |