openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 09:46:53 +01:00
Code Issues Releases Activity
Files
f7a24b39697c7cf161db94de606a27e5bec2b43e
openshift-docs/security/pod-vulnerability-scan.adoc

28 lines
1.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
[id="pod-vulnerability-scan"]
= Scanning pods for vulnerabilities
include::modules/common-attributes.adoc[]
:context: pod-vulnerability-scan
toc::[]
Using the Container Security Operator (CSO), you can access vulnerability
scan results from the {product-title} web console for container images
used in active pods on the cluster. The CSO:
* Watches containers associated with pods on all or specified namespaces
* Queries the container registry where the containers came from for
vulnerability information, provided an images registry is running image
scanning (such as
link:https://quay.io[Quay.io] or a
link:https://access.redhat.com/products/red-hat-quay[Red Hat Quay] registry with Clair scanning)
* Exposes vulnerabilities via the `ImageManifestVuln` object in the Kubernetes API
Using the instructions here, the CSO is installed in the `openshift-operators`
namespace, so it is available to all namespaces on your OpenShift cluster.
//
include::modules/security-pod-scan-cso.adoc[leveloffset=+1]
//
include::modules/security-pod-scan-query-cli.adoc[leveloffset=+1]
View Git Blame Copy Permalink