mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
56 lines
1.3 KiB
Plaintext
56 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/pod-vulnerabilities-scan.adoc
|
|
|
|
:_content-type: PROCEDURE
|
|
[id="security-pod-scan-query-cli_{context}"]
|
|
= Querying image vulnerabilities from the CLI
|
|
Using the `oc` command, you can display information about
|
|
vulnerabilities detected by the {rhq-cso}.
|
|
|
|
.Prerequisites
|
|
* Be running the {rhq-cso} on your
|
|
{product-title} instance
|
|
|
|
.Procedure
|
|
|
|
* To query for detected container image vulnerabilities, type:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get vuln --all-namespaces
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
NAMESPACE NAME AGE
|
|
default sha256.ca90... 6m56s
|
|
skynet sha256.ca90... 9m37s
|
|
----
|
|
|
|
* To display details for a particular vulnerability, provide the
|
|
vulnerability name and its namespace to the `oc describe` command.
|
|
This example shows an active container whose image includes an RPM package with a vulnerability:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc describe vuln --namespace mynamespace sha256.ac50e3752...
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
Name: sha256.ac50e3752...
|
|
Namespace: quay-enterprise
|
|
...
|
|
Spec:
|
|
Features:
|
|
Name: nss-util
|
|
Namespace Name: centos:7
|
|
Version: 3.44.0-3.el7
|
|
Versionformat: rpm
|
|
Vulnerabilities:
|
|
Description: Network Security Services (NSS) is a set of libraries...
|
|
----
|