Scanner reporting

Scanner reporting

You can review vulnerability scanning results and submit those results to Mirantis Customer Support to help with the troubleshooting process.

Possible scanner report issues include:

  • Scanner crashes

  • Improperly extracted containers

  • Improperly detected components

  • Incorrectly matched backport

  • Vulnerabilities improperly matched to components

  • Vulnerability false positives

Export a scanner report

You can export a scanner report as a JSON (for support and diagnostics) or a CSV file (for processing using Windows or Linux shell scripts).

  1. Sign in to MSR.

  2. Navigate to Repositories > <repo-name> > Tags.

  3. Click View Details for the required image.

  4. Click Export Report and select Export as JSON or Export as CSV.

    Find the report as either scannerReport.json (for JSON) or scannerReport.txt (for CSV) in your browser downloads directory.

Submit a scanner report

You can send a scanner report directly to Mirantis Customer Support to help the group in their troubleshooting efforts.

  1. Sign in to MSR.

  2. Navigate to the View Details page and click the Components tab.

  3. Click Show layers affected for the layer you want to report.

  4. Click Report Issue. A pop-up window displays with the fields detailed in the following table:

    Field

    Description

    Component

    The Component field is automatically filled out and is not editable. If the information is incorrect, make a note in the Additional info field.

    Reported version or date

    The Reported version or date field is automatically filled out and is not editable. If the information is incorrect, make a note in the Additional info field.

    Report layer

    Indicate the image or image layer. Options include: Omit layer, Include layer, Include image.

    False Positive(s)

    Optional. Select from the drop-down menu all CVEs you suspect are false positives. Toggle the False Positive(s) control to edit the field.

    Missing Issue(s)

    Optional. List CVEs you suspect are missing from the report. Enter CVEs in the format CVE-yyyy-#### or CVE-yyyy-##### and separate each CVE with a comma. Toggle the Missing Issue(s) control to edit the field.

    Incorrect Component Version

    Optional. Enter any incorrect component version information in the Missing Issue(s) field. Toggle the Incorrect Component Version control to edit the field.

    Additional info

    Optional. Indicate anything else that does not pertain to the other fields. Toggle the Additional info control to edit this field.

  5. Fill out the fields in the pop-up window and click Submit.

MSR generates a JSON-formatted scanner report, which it bundles into a file together with the scan data. This file downloads to your local drive, at which point you can share it as needed with Mirantis Customer Support.

Important

To submit a scanner report along with the associated image, bundle the items into a .tgz file and include that file in a new Mirantis Customer Support ticket.

To download the relevant image:

docker save <msr-address>/<user>/<image-name>:tag <image-name>.tar

To bundle the report and image as a .tgz file:

tar -cvzf scannerIssuesReport.tgz <image-name>.tar scannerIssuesReport.json