Skip to content

Images#

Lens Pro subscription feature

Security Center performs vulnerability scanning of container images in your cluster.

The Images tab contains charts that show a summary of vulnerabilities and the scanning status of container images running in the cluster. You can also find the list of container images that currently run in a cluster. The table with images displays the following essentials:

  • Platform that an image is running on
  • Number of pods that use the image
  • Number of vulnerabilities by severity level
  • Current scanning status of the image

Click an image in the table to open the Details panel where you can find more information about the container image.

Tip

You can also open the image Details panel by clicking Options > Show Details to the right from the Status column.

Image Details panel#

The Image Details panel contains information about the image, platforms, and vulnerabilities. It consists of the following parts:

General information

Image name, identifier (image digest), scanning status, and other parameters.

Platforms

The platforms in use and previous platforms. Current platforms are blue. Click a platform to see its details and history.

Vulnerabilities

A summary and a table of detected image vulnerabilities. The table is interactive, you can click the vulnerability ID to find more information from one of the vulnerability databases. By default, the scanning results are provided by the Aqua Vulnerability Database.

Tip

Image vulnerability data is also available when observing pod and deployment details in the corresponding views.

Scanning in air-gapped environments#

Lens Desktop supports work in air-gapped environments. For vulnerability scanning in an air-gapped environment, you can download the vulnerability database and use it on a machine that does not have internet access.

To download the vulnerability database using Lens Desktop:

  1. On an internet-connected machine, navigate to File > Preferences > Lens Security and click Export Current DB.
  2. Transfer the downloaded lens-vulnerability-db.tar.gz file to an air-gapped machine.
  3. On the air-gapped machine, navigate to File > Preferences > Lens Security and click Import DB.

Note

You can also download the vulnerability database using the Trivy security scanner. For details see Trivy documentation: Air-Gapped Environment.

Manual scanning#

Important

Add the following domains to the firewall exceptions to ensure the correct scanning process:

  • ghcr.io
  • pkg-containers.githubusercontent.com

To perform manual scanning:

  1. In the Cluster navigation panel, open the Images tab.
  2. From the images list, select an image you need to scan and click Options > Scan image.