
View and remediate vulnerabilities for containers running on Kubernetes clusters (risk-based)

Note

This article describes the new risk-based approach to vulnerability management in Microsoft Defender for Cloud. If you're using the Defender cloud security posture management (Defender CSPM) plan, use this method. To use the classic secure score approach, see View and remediate vulnerabilities for images running on your Kubernetes clusters (Secure Score).

Defender for Cloud helps you prioritize remediation for vulnerabilities in containers running on your Kubernetes clusters. It uses contextual risk analysis across your cloud environment. In this article, you review the Containers running in Azure should have vulnerability findings resolved recommendation. For other supported environments, see Vulnerability assessments in supported environments.

To provide findings for the recommendation, Defender for Cloud uses agentless discovery for Kubernetes or the Defender sensor to build a full inventory of your Kubernetes clusters and their workloads. It then correlates that inventory with the vulnerability reports created for your registry images. The recommendation lists your running containers, the vulnerabilities associated with the image each container uses, and the remediation steps for each vulnerability.

Defender for Cloud presents the findings and related information as recommendations. This information includes remediation steps and relevant CVEs. You can view the identified vulnerabilities for one or more subscriptions or for a specific resource.

Details include additional containers affected by that vulnerability, information on the software version that contributes to resolving the vulnerability, and links to external resources to help with patching the vulnerability.

View vulnerabilities for a container

To view vulnerabilities for a container:

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Recommendations.

  3. Search for Containers running in Azure should have vulnerability findings resolved.

    Screenshot showing the recommendation line for running container images should have vulnerability findings resolved.

  4. Select the recommendation.

  5. Review the recommendation details.

    Screenshot showing the affected clusters for the recommendation.

  6. Select the Findings tab to see the list of vulnerabilities impacting the container.

    Screenshot showing the findings tab containing the vulnerabilities.

  7. Select each vulnerability to view a detailed description of the vulnerability.

    Screenshot showing the container vulnerabilities.

To find all containers affected by a specific vulnerability, see Group recommendations by title.
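The correlation described above (joining the running-container inventory against per-image vulnerability reports, then grouping the result by vulnerability to find every affected container) can be illustrated offline. The following is an added example written for this page, not Defender for Cloud's own code or API: the cluster, pod and image-digest names are constructed, and the CVE identifiers are placeholders rather than real CVEs. It orders findings the way a risk-based view would, with higher severity first and fixable findings ahead of those with no fixed release.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class Container:
    cluster: str
    namespace: str
    pod: str
    image_digest: str  # digest of the image the container runs; links it to a registry report


@dataclass(frozen=True)
class Vulnerability:
    cve_id: str
    severity: str
    package: str
    installed_version: str
    fixed_version: Optional[str]  # None when the package has no fixed release yet


# Constructed sample inventory of running containers (hypothetical cluster and pod names).
RUNNING_CONTAINERS: List[Container] = [
    Container("prod-aks", "payments", "api-0", "sha256:aaa"),
    Container("prod-aks", "payments", "web-0", "sha256:bbb"),
    Container("staging-aks", "payments", "api-0", "sha256:aaa"),
    Container("staging-aks", "tools", "debug-0", "sha256:ccc"),  # image with no report
]

# Constructed sample registry vulnerability reports keyed by image digest.
# The CVE identifiers are placeholders, not real CVEs.
IMAGE_REPORTS: Dict[str, List[Vulnerability]] = {
    "sha256:aaa": [
        Vulnerability("CVE-0000-0001", "Critical", "openssl", "1.0.0", "1.0.1"),
        Vulnerability("CVE-0000-0002", "Low", "curl", "7.0.0", None),
    ],
    "sha256:bbb": [
        Vulnerability("CVE-0000-0001", "Critical", "openssl", "1.0.0", "1.0.1"),
        Vulnerability("CVE-0000-0003", "High", "zlib", "1.2.0", "1.2.1"),
    ],
}


def correlate(containers, reports):
    """Join each running container with the vulnerabilities of the image it runs.
    A container whose image has no report gets an empty finding list."""
    return {c: list(reports.get(c.image_digest, [])) for c in containers}


def containers_affected_by(cve_id, findings):
    """Every running container that carries the given CVE (the 'group by title' view)."""
    return [c for c, vulns in findings.items() if any(v.cve_id == cve_id for v in vulns)]


def prioritized(findings):
    """Flatten the findings and order them for remediation: highest severity first,
    findings with a fixed version before those without, then by CVE id for a stable order."""
    rows = [(c, v) for c, vulns in findings.items() for v in vulns]
    rows.sort(key=lambda cv: (-SEVERITY_RANK[cv[1].severity],
                              0 if cv[1].fixed_version else 1,
                              cv[1].cve_id))
    return rows


def remediation_hint(v):
    """Text a remediation ticket would carry: the version that resolves the finding, if any."""
    if v.fixed_version:
        return f"upgrade {v.package} {v.installed_version} -> {v.fixed_version} and redeploy the image"
    return f"no fixed {v.package} release yet; track the vendor advisory for {v.cve_id}"


if __name__ == "__main__":
    findings = correlate(RUNNING_CONTAINERS, IMAGE_REPORTS)
    for c, v in prioritized(findings):
        print(f"{v.severity:8} {v.cve_id} {c.cluster}/{c.namespace}/{c.pod}: {remediation_hint(v)}")
    affected = containers_affected_by("CVE-0000-0001", findings)
    print("Affected by CVE-0000-0001:", [f"{c.cluster}/{c.pod}" for c in affected])
```

Note that the join key is the image digest, not the tag: two containers running the same digest in different clusters share one report, which is why one vulnerability surfaces against several containers, and a container whose image was never scanned shows no findings rather than a clean result.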

To remediate vulnerabilities, see Remediate recommendations.

Next step