Scanner reporting

You can review and submit the vulnerability scanning results to Mirantis Customer Support to help with the troubleshooting process.

Possible scanner report issues include:

  • Scanner crashes

  • Improperly extracted containers

  • Improperly detected components

  • Incorrectly matched backport

  • Vulnerabilities improperly matched to components

  • Vulnerability false positives

Export a scanner report

  1. Log in to the MSR web UI.

  2. In the left-side navigation panel, select Repositories.

  3. Click the required repository and select the Tags tab.

  4. Navigate to the required image and click View details.

  5. Click Export Report and select:

    • Export as JSON to use for support and diagnostics.

    • Export as CSV to use for further processing by Windows or Linux shell scripts.

  6. Find the report as either scannerReport.json``or ``scannerReport.txt in your browser downloads directory.

Submit a scanner report

You can send a scanner report directly to Mirantis Customer Support to help the group in their troubleshooting efforts.

To send a scanner report directly to Mirantis Customer Support:

  1. Log in to the MSR web UI.

  2. Navigate to View Details and click Components.

  3. Click Show layers affected for the layer you want to report.

  4. Click Report Issue. A pop-up window displays with the fields detailed in the following table:

    Field

    Description

    Component

    Automatically filled out and not editable. If the information is incorrect, make a note in the Additional info field.

    Reported version or date

    Automatically filled out and not editable. If the information is incorrect, make a note in the Additional info field.

    Report layer

    Indicate the image or image layer. Options include: Omit layer, Include layer, Include image.

    False Positive(s)

    Optional. Select from the drop-down menu all CVEs you suspect are false positives. Toggle the False Positive(s) control to edit the field.

    Missing Issue(s)

    Optional. List CVEs you suspect are missing from the report. Enter CVEs in the format CVE-yyyy-#### or CVE-yyyy-##### and separate each CVE with a comma. Toggle the Missing Issue(s) control to edit the field.

    Incorrect Component Version

    Optional. Enter any incorrect component version information in the Missing Issue(s) field. Toggle the Incorrect Component Version control to edit the field.

    Additional info

    Optional. Indicate anything else that does not pertain to other fields. Toggle the Additional info control to edit this field.

  5. Fill out the fields in the pop-up window and click Submit.

MSR generates a JSON-formatted scanner report, which it bundles into a file together with the scan data. This file downloads to your local drive, at which point you can share it as needed with Mirantis Customer Support.

Important

To submit a scanner report along with the associated image, bundle the items into a .tgz file and include that file in a Mirantis Customer Support ticket.

To download the relevant image:

docker save <msr-address>/<user>/<image-name>:tag <image-name>.tar

To bundle the report and image as a .tgz file:

tar -cvzf scannerIssuesReport.tgz <image-name>.tar scannerIssuesReport.json