Understanding "Last Scanned" date and "Vulnerabilities" Fields | Container Security

Document created by Spencer Brown Employee on Dec 19, 2019. Last modified by Spencer Brown Employee on Dec 20, 2019.
Version 3

This document is intended to provide the rationale for NULL "Last Scanned" date and "Vulnerabilities" fields in the API, and for missing software/vulnerability information in the UI.

 

Why is there no "Last Scanned" date and no vulnerability data?

 

Container/Image found by Cloud Agent/Scanner Appliance but no CS Sensor present

The Cloud Agent and scanner have the ability to discover images and containers using the following Information Gathered QIDs:

  • QID 123782 - Docker Images Detected 
  • QID 370440 - Docker Running Container Enumerated

 

In order for any image or container to be scanned for vulnerabilities, the Qualys Container Sensor must be deployed and configured.

 

Container length of time running

If a container (not an image) has no vulnerability information, one possible reason is that it did not run long enough. The container must run long enough for the CS Sensor to complete the scan.

 

No shell access on container/image

The CS Sensor requires shell access in order to scan a container/image.

 

Scratch Image

Scratch images are currently not supported because they do not have a package manager for the CS Sensor to query (yum, apt, Alpine).

 

Unsupported Container OS

Windows Containers are currently not supported; this is a roadmap item for 2020.

If you are running a distribution of Linux that is not currently supported, we may not show vulnerability/software information.

 

Docker in Docker (DinD)

The CS Sensor on the server container host will detect the DinD container, but the CS Sensor is not able to detect the containers running inside of the DinD container.

The CS Sensor will only detect/scan containers and images that are on the same Docker engine as itself.
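
The following is an added example, not Qualys code: it checks three of the causes above (run time, container OS, DinD) against `docker inspect` data gathered on the container host. The 300-second threshold, the "dind" image-name heuristic, the reason labels and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MIN_RUN_SECONDS = 300  # assumed threshold; the page gives no figure for "long enough"

def parse_ts(value):
    """Parse a Docker RFC 3339 UTC timestamp, dropping fractional seconds."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def triage(container, image, now):
    """Return the causes from the page that fit one container's inspect data."""
    reasons = []
    state = container["State"]
    # A running container has a zero FinishedAt, so measure up to `now` instead.
    end = now if state["Running"] else parse_ts(state["FinishedAt"])
    if (end - parse_ts(state["StartedAt"])).total_seconds() < MIN_RUN_SECONDS:
        reasons.append("short-lived")
    if image["Os"].lower() != "linux":
        reasons.append("unsupported-os")
    # Heuristic (assumption): a privileged container from a *dind image runs its own engine.
    if container["HostConfig"]["Privileged"] and "dind" in container["Config"]["Image"]:
        reasons.append("dind-inner-containers-not-visible")
    return reasons

def make(image_name, started, finished, running, privileged=False):
    """Build a constructed container record with only the fields triage() reads."""
    return {"Config": {"Image": image_name},
            "HostConfig": {"Privileged": privileged},
            "State": {"Running": running, "StartedAt": started, "FinishedAt": finished}}

ZERO = "0001-01-01T00:00:00Z"  # Docker's FinishedAt for a container that is still running
NOW = datetime(2019, 12, 19, 12, 0, 0, tzinfo=timezone.utc)
SAMPLES = {  # constructed data, not real inventory: (container inspect, image inspect)
    "web": (make("nginx:1.17", "2019-12-19T10:00:00.5Z", ZERO, True), {"Os": "linux"}),
    "job": (make("batch:1", "2019-12-19T11:00:00.1Z", "2019-12-19T11:00:20.9Z", False), {"Os": "linux"}),
    "iis": (make("iis:latest", "2019-12-19T09:00:00.0Z", ZERO, True), {"Os": "windows"}),
    "ci": (make("docker:dind", "2019-12-19T08:00:00.0Z", ZERO, True, privileged=True), {"Os": "linux"}),
}

def report():
    """Triage every constructed sample at the fixed NOW."""
    return {name: triage(c, i, NOW) for name, (c, i) in SAMPLES.items()}

if __name__ == "__main__":
    for name, reasons in report().items():
        print(name, reasons or ["no local cause found; check CS Sensor deployment"])
```

Shell access and package-manager presence cannot be read from inspect data, so those two causes still need a check inside the container or image.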

 

How to filter out images and containers with NULL "Last Scanned" date?

You can use the following query: "not lastScanned is null"

 

 

 

For more information on the CS Container Sensor: 

https://www.qualys.com/docs/qualys-container-sensor-deployment-guide.pdf 
