Images
Lens Pro subscription feature
Security Center performs vulnerability scanning of container images in your cluster.
The Images tab contains charts that summarize the vulnerabilities and the scanning status of container images running in the cluster. It also lists the container images that are currently running in the cluster. The images table displays the following essentials:
- Platform that an image is running on
- Number of pods that use the image
- Number of vulnerabilities by severity level
- Current scanning status of the image
Click an image in the table to open the Details panel where you can find more information about the container image.
Tip
You can also open the image Details panel by clicking Options > Show Details to the right of the Status column.
Image Details panel
The Image Details panel contains information about the image, platforms, and vulnerabilities. It consists of the following parts:
General information
Image name, identifier (image digest), scanning status, and other parameters.
Platforms
The platforms in use and previous platforms. Current platforms are blue. Click a platform to see its details and history.
Vulnerabilities
A summary and a table of detected image vulnerabilities. The table is interactive: click a vulnerability ID to find more information in one of the vulnerability databases. By default, the scanning results are provided by the Aqua Vulnerability Database.
Tip
Image vulnerability data is also available when observing pod and deployment details in the corresponding views.
Scanning in air-gapped environments
Lens Desktop supports work in air-gapped environments. For vulnerability scanning in an air-gapped environment, you can download the vulnerability database and use it on a machine that does not have internet access.
To download the vulnerability database using Lens Desktop:
- On an internet-connected machine, navigate to File > Preferences > Lens Security and click Export Current DB.
- Transfer the downloaded lens-vulnerability-db.tar.gz file to an air-gapped machine.
- On the air-gapped machine, navigate to File > Preferences > Lens Security and click Import DB.
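A corrupted or truncated database archive can leave the scanner working from incomplete data, so it is worth checking the file on both sides of the transfer. The following is an added example, not part of Lens Desktop or its documentation: the function names and the `.sha256` sidecar file are conventions assumed here, and it expects `sha256sum` and `tar` to be available.

```shell
#!/bin/sh
# Added example: integrity check for the exported vulnerability DB archive.
# The ".sha256" sidecar file and both function names are assumptions made
# for this example; they are not a Lens Desktop feature.

# Run on the internet-connected machine after "Export Current DB".
record_db_checksum() {
    db="$1"
    [ -f "$db" ] || { echo "missing: $db" >&2; return 2; }
    # Store only the digest so the check does not depend on the file's path.
    sha256sum "$db" | awk '{print $1}' > "$db.sha256"
}

# Run on the air-gapped machine before "Import DB".
verify_db_transfer() {
    db="$1"
    if [ ! -f "$db" ] || [ ! -f "$db.sha256" ]; then
        echo "missing archive or checksum file" >&2
        return 2
    fi
    expected=$(cat "$db.sha256")
    actual=$(sha256sum "$db" | awk '{print $1}')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch: $db" >&2
        return 1
    fi
    # Listing the members confirms the gzip/tar stream is readable end to end.
    members=$(tar -tzf "$db") || { echo "unreadable archive: $db" >&2; return 1; }
    # Reject absolute paths and ".." components in member names.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in: $db" >&2
        return 1
    fi
    echo "OK $actual"
}
```

A sidecar file carried on the same media only detects accidental corruption. To detect deliberate tampering, compare the digest through a separate channel.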
Note
You can also download the vulnerability database using the Trivy security scanner. For details, see the Trivy documentation: Air-Gapped Environment.
Manual scanning
Important
To ensure that scanning works correctly, add the following domains to your firewall exceptions:
- ghcr.io
- pkg-containers.githubusercontent.com
To perform manual scanning:
- In the Cluster navigation panel, open the Images tab.
- From the images list, select the image you need to scan and click Options > Scan image.