Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Amazon Inspector CVE in CVEList.txt not reported in the findings

0

We have gitlab-ee:16.3.1-ee.0 in our private ECR, which has a few CVEs, including CVE-2023-7028.

The CVE is found in the Amazon Inspector rules list, and in the Inspector Vulnerability database search, but somehow Amazon Inspector does not report that CVE in the Findings. CVE not found

What should we do to make sure Inspector report such CVEs?

Temas
ContenedoresSeguridad, identidad y cumplimientoAWS Well-Architected Framework
Etiquetas
Amazon Elastic Container Registry (ECR)Amazon InspectorSeguridad
Idioma
English
Richard Kang
preguntada hace 4 meses247 visualizaciones
1 Respuesta
0

When was the container in ECR scanned? Was the CV publised after the inial container image was scanned?

Do you have enhanced scanning enabled to continously scan images to pick up any new CVE's?? https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html

profile picture
EXPERTO
Gary Mclean
respondido hace 4 meses
  • Richard Kang
    hace 4 meses

    I have enhanced scanning configuration, and Lifetime ECR scanning to ensure continue automated re-scans, still the false negative in Inspector

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante