Better filters for AWS inspector

0

We recently installed AWS Inspector and it found quite a lot of CVEs in our ECR repo. We run patching regularly and I thought a tool like Inspector would be useful in finding things to patch. Unfortunately most of the images in the repo are old images that are only there for archive purposes and aren't deployed anywhere. I think in this case the only thing that can be done to shorten the list of vulnerabilities is to remove the old images and so also lose the history. Also most of the vulnerabilities appear to have no available patches as of yet.

Is there a way to find only CVEs that really are an issue (images actually deployed to an EKS cluster somewhere) and have available patches? This would allow us to find only vulnerabilities that are both real and actionable. As it is, it's really time consuming sifting through a big list of vulnerabilities where 95% either aren't really a problem and/or there is nothing that can currently be done about them. Other security tools I've used in the past do this out of the box, but I can't seem to find a way in Inspector.

1 answer
0

Have you tried to configure filters in ECR?

Note that enhanced scanning in ECR refers to the (new) inspector continuous scanning.

** This will not directly address your question, as those options are not available as of now (i.e. filtering only findings that relate to images actually deployed in EKS and/or have patches available), but it will help to reduce the # of findings generated and lower cost.

Jason_S
answered 2 years ago
  • I was thinking the same thing. Try putting your actively used images in a different repository from your archived images (ex: active-repository), and then use ECR filters to only scan your active-repository.
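The split suggested in the answer and the comment (active images in their own repository, with ECR's registry scanning filters limiting enhanced scanning to that repository) can be reviewed and applied from code. The following is an added example, not code from the thread or from AWS: the repository names (`active-*`, `archive-*`) are constructed for illustration, and the local `fnmatch` matching is an assumption standing in for ECR's server-side WILDCARD filter so the rule can be dry-run offline; the `put_registry_scanning_configuration` call and its `scanType`/`rules` parameters are the real ECR API.

```python
"""Dry-run and apply an ECR registry scanning configuration that limits
enhanced (Inspector) scanning to "active" repositories.

Added example, not from the re:Post thread. Assumptions: the active-* /
archive-* naming scheme is constructed for illustration, and the wildcard
matching below emulates ECR's WILDCARD filter type with fnmatch; the real
service performs the match server-side.
"""
import fnmatch
import json
import shlex

# Rules in the shape accepted by ecr:PutRegistryScanningConfiguration.
# Only repositories matching a WILDCARD filter get continuous scanning;
# the archived repositories simply never match and generate no findings.
ACTIVE_ONLY_RULES = [
    {
        "scanFrequency": "CONTINUOUS_SCAN",
        "repositoryFilters": [
            {"filter": "active-*", "filterType": "WILDCARD"},
        ],
    }
]


def repository_is_scanned(repo_name, rules=ACTIVE_ONLY_RULES):
    """Return the scanFrequency a repository would receive, or None if no
    rule's filter matches it (assumption: WILDCARD behaves like a glob)."""
    for rule in rules:
        for rf in rule["repositoryFilters"]:
            if rf["filterType"] != "WILDCARD":
                continue  # WILDCARD is the only type ECR accepts; keep the check explicit
            if fnmatch.fnmatchcase(repo_name, rf["filter"]):
                return rule["scanFrequency"]
    return None


def dry_run(repo_names, rules=ACTIVE_ONLY_RULES):
    """Map each repository name to the scan frequency it would get,
    so the filter can be reviewed before it is applied to the registry."""
    return {name: repository_is_scanned(name, rules) for name in repo_names}


def cli_command(rules=ACTIVE_ONLY_RULES, scan_type="ENHANCED"):
    """Build the equivalent AWS CLI invocation (returned as text, not executed)."""
    return (
        "aws ecr put-registry-scanning-configuration "
        f"--scan-type {scan_type} --rules {shlex.quote(json.dumps(rules))}"
    )


def apply_with_boto3(rules=ACTIVE_ONLY_RULES, scan_type="ENHANCED"):
    """Apply the configuration to the current account/region with boto3.
    Imported lazily so the dry-run helpers work without AWS credentials."""
    import boto3  # needs credentials allowed to call ecr:PutRegistryScanningConfiguration

    ecr = boto3.client("ecr")
    return ecr.put_registry_scanning_configuration(scanType=scan_type, rules=rules)


if __name__ == "__main__":
    # Constructed repository names standing in for the active vs. archive split.
    sample_repos = ["active-repository", "active-api", "archive-2019-web", "legacy"]
    for name, freq in dry_run(sample_repos).items():
        print(f"{name:20s} -> {freq or 'not matched by any rule'}")
    print(cli_command())
```

Run the dry run first and confirm that every repository an EKS cluster actually pulls from shows `CONTINUOUS_SCAN`; a repository that shows `None` will silently stop producing Inspector findings, which is the intended effect for the archive but a gap if a production image lands there by mistake.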
