Amazon Inspector CVE in CVEList.txt not reported in the findings

0

We have gitlab-ee:16.3.1-ee.0 in our private ECR, which has a few CVEs, including CVE-2023-7028.

The CVE is found in the Amazon Inspector rules list, and in the Inspector Vulnerability database search, but somehow Amazon Inspector does not report that CVE in the Findings. CVE not found

What should we do to make sure Inspector reports such CVEs?

1 Answer
0

When was the container in ECR scanned? Was the CVE published after the initial container image was scanned?

Do you have enhanced scanning enabled to continuously scan images to pick up any new CVEs? https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html

EXPERT
answered 4 months ago
  • I have enhanced scanning configured, and Lifetime ECR scanning to ensure continued automated re-scans; still the false negative in Inspector.
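
Whether enhanced, continuous scanning actually covers a given repository can be read from the registry scanning configuration. The following is an added example, not part of the original thread and not AWS code: it evaluates JSON shaped like the output of `aws ecr get-registry-scanning-configuration` for one repository name. The sample configuration, the repository names and the filter-matching and precedence rules (taken from the ECR documentation as understood here) are assumptions.

```python
import json
import re

# Constructed sample shaped like `aws ecr get-registry-scanning-configuration`
# output; the account id, filters and repository names are not from the thread.
SAMPLE_CONFIG = json.loads("""
{
  "registryId": "111122223333",
  "scanningConfiguration": {
    "scanType": "ENHANCED",
    "rules": [
      {"scanFrequency": "SCAN_ON_PUSH",
       "repositoryFilters": [{"filter": "*", "filterType": "WILDCARD"}]},
      {"scanFrequency": "CONTINUOUS_SCAN",
       "repositoryFilters": [{"filter": "prod/*", "filterType": "WILDCARD"}]}
    ]
  }
}
""")


def filter_matches(pattern, repo):
    """Assumed ECR filter semantics: without '*' the filter is a substring
    match; with '*' it must match the whole name, '*' being any characters."""
    if "*" not in pattern:
        return pattern in repo
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, repo) is not None


def effective_scan(config, repo):
    """Return the scan mode that applies to `repo` under this configuration."""
    scanning = config["scanningConfiguration"]
    if scanning.get("scanType") != "ENHANCED":
        return "BASIC"  # Inspector enhanced scanning is not in use at all
    matched = {
        rule["scanFrequency"]
        for rule in scanning.get("rules", [])
        if any(filter_matches(f["filter"], repo)
               for f in rule.get("repositoryFilters", []))
    }
    # Assumption: when both kinds of rule match, continuous scanning wins.
    for frequency in ("CONTINUOUS_SCAN", "SCAN_ON_PUSH"):
        if frequency in matched:
            return frequency
    return "NOT_SCANNED"  # no enhanced rule matches this repository


if __name__ == "__main__":
    for name in ("prod/gitlab-ee", "dev/gitlab-ee"):
        print(name, effective_scan(SAMPLE_CONFIG, name))
```

A result of `SCAN_ON_PUSH`, `NOT_SCANNED` or `BASIC` means the image is not rescanned when a CVE is published after the push, which is the situation the answer asks about.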
