View and remediate vulnerabilities for containers running on Kubernetes clusters (risk-based)

Note

This article describes the new risk-based approach to vulnerability management in Microsoft Defender for Cloud. If you're using the Defender for Cloud Security Posture Management (CSPM) plan, use this method. To use the classic secure score approach, see View and remediate vulnerabilities for images running on your Kubernetes clusters (Secure Score).

Defender for Cloud helps you prioritize the remediation of vulnerabilities in containers running on your Kubernetes clusters. It bases this prioritization on a contextual risk analysis of the vulnerabilities in your cloud environment. In this article, you review the Containers running in Azure should have vulnerability findings resolved recommendation. For the other supported environments, see the parallel recommendations in Vulnerability assessments in supported environments.

To provide findings for the recommendation, Defender for Cloud uses agentless discovery for Kubernetes or the Defender sensor to create a full inventory of your Kubernetes clusters and their workloads. It correlates that inventory with the vulnerability reports created for your registry images. The recommendation lists each running container, the vulnerabilities found in the image that container runs, and remediation steps.

Defender for Cloud presents the findings and related information as recommendations. This information includes remediation steps and relevant CVEs. You can view the identified vulnerabilities for one or more subscriptions or for a specific resource.

Details include additional containers affected by that vulnerability, information on the software version that contributes to resolving the vulnerability, and links to external resources to help with patching the vulnerability.

View vulnerabilities for a container

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Recommendations.

  3. Search for Containers running in Azure should have vulnerability findings resolved.

    Screenshot showing the recommendation line for running container images should have vulnerability findings resolved.

  4. Select the recommendation.

  5. Review the recommendation details.

    Screenshot showing the affected clusters for the recommendation.

  6. Select the Findings tab to see the list of vulnerabilities impacting the container.

    Screenshot showing the findings tab containing the vulnerabilities.

  7. Select each vulnerability to view a detailed description of the vulnerability.

    Screenshot showing the container vulnerabilities.

To find all containers impacted by a specific vulnerability, see Group recommendations by title.
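The following Python block is an added illustration, not Defender for Cloud's own code, of the two steps the article describes: joining the running-container inventory to the per-image vulnerability reports (the correlation behind the recommendation), and then grouping the resulting findings by CVE to find every container a given vulnerability affects. All inventory data, image digests, package versions and CVE identifiers are constructed placeholders; containers whose image has no report are reported separately rather than silently dropped.

```python
"""Constructed illustration of inventory-to-report correlation and
per-CVE grouping. This is example code, not Defender for Cloud's own logic."""
from collections import defaultdict

# Constructed inventory of running containers discovered in the clusters.
# Image digests are placeholders, not real images.
RUNNING_CONTAINERS = [
    {"cluster": "aks-prod", "namespace": "web", "pod": "api-7d9f",
     "container": "api", "image_digest": "sha256:aaa111"},
    {"cluster": "aks-prod", "namespace": "web", "pod": "api-c0de",
     "container": "api", "image_digest": "sha256:aaa111"},
    {"cluster": "aks-prod", "namespace": "jobs", "pod": "worker-1",
     "container": "worker", "image_digest": "sha256:bbb222"},
    # This image has no registry report, so no findings can be produced for it.
    {"cluster": "aks-dev", "namespace": "tools", "pod": "debug-0",
     "container": "shell", "image_digest": "sha256:ccc333"},
]

# Constructed registry vulnerability reports keyed by image digest.
# CVE identifiers are placeholders, not real advisories.
VULN_REPORTS = {
    "sha256:aaa111": [
        {"cve": "CVE-0000-0001", "package": "openssl", "installed": "1.1.1k",
         "fixed": "1.1.1u", "severity": "High"},
        {"cve": "CVE-0000-0002", "package": "zlib", "installed": "1.2.11",
         "fixed": "1.2.13", "severity": "Medium"},
    ],
    "sha256:bbb222": [
        {"cve": "CVE-0000-0001", "package": "openssl", "installed": "1.1.1k",
         "fixed": "1.1.1u", "severity": "High"},
    ],
}


def container_ref(c):
    """Stable human-readable reference for a running container."""
    return f"{c['cluster']}/{c['namespace']}/{c['pod']}/{c['container']}"


def correlate(containers, reports):
    """Join running containers to the report of the image they run.

    Returns (findings, unscanned): one finding dict per (container, CVE)
    pair, and the refs of containers whose image has no report at all.
    """
    findings, unscanned = [], []
    for c in containers:
        report = reports.get(c["image_digest"])
        if report is None:
            unscanned.append(container_ref(c))
            continue
        for vuln in report:
            findings.append({"container": container_ref(c),
                             "image_digest": c["image_digest"], **vuln})
    return findings, unscanned


def group_by_cve(findings):
    """Map each CVE to the sorted list of distinct running containers it affects."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["cve"]].add(f["container"])
    return {cve: sorted(refs) for cve, refs in grouped.items()}


def remediation_plan(findings):
    """Per image digest, the distinct (package, installed, fixed) upgrades
    that would close its findings, so one image rebuild covers every
    container running that image."""
    plan = defaultdict(set)
    for f in findings:
        plan[f["image_digest"]].add((f["package"], f["installed"], f["fixed"]))
    return {digest: sorted(ups) for digest, ups in plan.items()}


if __name__ == "__main__":
    findings, unscanned = correlate(RUNNING_CONTAINERS, VULN_REPORTS)
    for cve, refs in sorted(group_by_cve(findings).items()):
        print(cve, "->", ", ".join(refs))
    for digest, upgrades in remediation_plan(findings).items():
        print(digest, "->", upgrades)
    print("containers without an image report:", unscanned)
```

The grouping keyed on the image digest rather than on the container is the point worth noting: the same vulnerable image shows up once per running container in the findings list, but only one rebuild and redeploy of the image is needed to clear all of them, which is why the remediation plan is built per digest.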

For information on how to remediate the vulnerabilities, see Remediate recommendations.

Next step