mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 00:48:01 +01:00
30 lines
1.1 KiB
Plaintext
30 lines
1.1 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
|
|
[id="pod-vulnerability-scan"]
|
|
= Scanning pods for vulnerabilities
|
|
include::_attributes/common-attributes.adoc[]
|
|
:context: pod-vulnerability-scan
|
|
|
|
toc::[]
|
|
|
|
Using the {rhq-cso}, you can access vulnerability
|
|
scan results from the {product-title} web console for container images
|
|
used in active pods on the cluster. The {rhq-cso}:
|
|
|
|
* Watches containers associated with pods on all or specified namespaces
|
|
* Queries the container registry where the containers came from for
|
|
vulnerability information, provided an image's registry is running image
|
|
scanning (such as
|
|
link:https://quay.io[Quay.io] or a
|
|
link:https://access.redhat.com/products/red-hat-quay[Red Hat Quay] registry with Clair scanning)
|
|
* Exposes vulnerabilities via the `ImageManifestVuln` object in the Kubernetes API
|
|
|
|
Using the instructions here, the {rhq-cso} is installed in the `openshift-operators`
|
|
namespace, so it is available to all namespaces on your {product-title} cluster.
|
|
|
|
//
|
|
include::modules/security-pod-scan-cso.adoc[leveloffset=+1]
|
|
include::modules/security-pod-scan-cso-using.adoc[leveloffset=+1]
|
|
|
|
//
|
|
include::modules/security-pod-scan-query-cli.adoc[leveloffset=+1]
|