10.7. Tool version menu
To see detailed information about a Docker image version:
- Click any Tool version:
- The Tool version menu will be shown:
Vulnerabilities report
This tab contains the detailed results of the Docker image scan.
Here you can see the vulnerable components (a). Each component has a severity estimate (b):
Expand a component's details by clicking the "Plus" icon to see more information about it:
a) link to a page of the vulnerability description
b) the component version in which this vulnerability was fixed
c) severity level
d) short description of the vulnerability (it appears when you hover the mouse pointer over link (a))
Sort components alphabetically (1), or by their severity (2):
Version settings
Version-level settings are defined on this tab. If these settings are specified, they are applied to each run of the docker image version. If version-level settings are not defined, docker-level settings are applied at launch. If docker-level settings are not defined either, global defaults are applied.
There are 3 groups of parameters that a user can specify (they are analogous to the "Execution environment" of the tool settings, for more details see here):
- Execution defaults
- System parameters
- Custom parameters
To change version-level settings, e.g.:
- Select an Instance type.
- Set the Price type.
- Input the Disk size.
- Click the Save button:
- Click button to return to the tool menu.
- Click Run → Custom settings for the changed tool version.
- Check that version-level settings are applied:
Note: via the Cloud Region field on the Version Settings tab, the admin/tool owner can select a specific Cloud Provider/Region to force users to run that tool version in it:
By default, it has the "Not configured" value. This means that the tool version will be launched in the Default region (configured in the global settings), or a user can set any allowed Cloud Region/Provider manually.
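The fallback order and the Cloud Region enforcement described above can be modelled as follows. This is an added example, not code from the product: every name in it is hypothetical and the sample values are constructed. It assumes that fallback happens per level (a defined level is used as a whole) and that a request for a region other than the enforced one is rejected.

```python
from dataclasses import dataclass
from typing import Optional, Set

@dataclass(frozen=True)
class Settings:            # hypothetical container for the "Execution defaults"
    instance_type: str
    price_type: str
    disk_size_gb: int

@dataclass(frozen=True)
class Launch:
    settings: Settings
    source: str            # level that supplied the settings
    region: str
    region_enforced: bool

def resolve_launch(global_defaults: Settings, default_region: str,
                   allowed_regions: Set[str],
                   docker_level: Optional[Settings] = None,
                   version_level: Optional[Settings] = None,
                   version_region: Optional[str] = None,   # None = "Not configured"
                   requested_region: Optional[str] = None) -> Launch:
    # Precedence from the page: version-level, then docker-level, then global.
    # Assumption: a level that is defined wins as a whole, not field by field.
    if version_level is not None:
        settings, source = version_level, "version"
    elif docker_level is not None:
        settings, source = docker_level, "docker"
    else:
        settings, source = global_defaults, "global"

    if version_region is not None:
        # Region pinned by the admin/tool owner: the user cannot pick another.
        # Assumption: a conflicting request is rejected rather than overridden.
        if requested_region not in (None, version_region):
            raise PermissionError(f"version is pinned to {version_region}")
        return Launch(settings, source, version_region, True)

    # "Not configured": default region, or any allowed region chosen manually.
    region = requested_region or default_region
    if region not in allowed_regions:
        raise PermissionError(f"region {region} is not allowed for this user")
    return Launch(settings, source, region, False)

# Constructed sample values, for illustration only.
GLOBAL = Settings("m5.large", "spot", 20)
DOCKER = Settings("m5.xlarge", "spot", 50)
VERSION = Settings("m5.2xlarge", "on-demand", 100)
ALLOWED = {"region-a", "region-b"}
```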
Version packages
On this tab the user can see the full list of software packages installed in a specific Docker image.
The list of packages is generated from the docker version together with the vulnerability scan.
This occurs nightly (all dockers are scanned) or when an admin explicitly requests a scan by clicking the SCAN button for a specific version.
Currently the following types of software packages can be scanned:
- System package manager's database (i.e. yum, apt)
- R packages
- Python packages
Software packages are combined into groups named "Ecosystems".
To view the content of any ecosystem, select it in the dropdown list:
Information about each package contains:
- Package name
- Package description (if available)
To filter/search packages, type some text into the search-query field. The search is performed automatically across all ecosystems: