You can review vulnerability scanning results and submit those results to Mirantis Customer Support to help with the troubleshooting process.
Possible scanner report issues include:
Improperly extracted containers
Improperly detected components
Incorrectly matched backport
Vulnerabilities improperly matched to components
Vulnerability false positives
Export a scanner report¶
You can export a scanner report as a JSON (for support and diagnostics) or a CSV file (for processing using Windows or Linux shell scripts).
Sign in to MSR.
Navigate to Repositories > <repo-name> > Tags.
Click View Details for the required image.
Click Export Report and select Export as JSON or Export as CSV.
Find the report as either
scannerReport.json(for JSON) or
scannerReport.txt(for CSV) in your browser downloads directory.
Submit a scanner report¶
You can send a scanner report directly to Mirantis Customer Support to help the group in their troubleshooting efforts.
Sign in to MSR.
Navigate to the View Details page and click the Components tab.
Click Show layers affected for the layer you want to report.
Click Report Issue. A pop-up window displays with the fields detailed in the following table:
The Component field is automatically filled out and is not editable. If the information is incorrect, make a note in the Additional info field.
Reported version or date
The Reported version or date field is automatically filled out and is not editable. If the information is incorrect, make a note in the Additional info field.
Indicate the image or image layer. Options include: Omit layer, Include layer, Include image.
Optional. Select from the drop-down menu all CVEs you suspect are false positives. Toggle the False Positive(s) control to edit the field.
Optional. List CVEs you suspect are missing from the report. Enter CVEs in the format
CVE-yyyy-#####and separate each CVE with a comma. Toggle the Missing Issue(s) control to edit the field.
Incorrect Component Version
Optional. Enter any incorrect component version information in the Missing Issue(s) field. Toggle the Incorrect Component Version control to edit the field.
Optional. Indicate anything else that does not pertain to the other fields. Toggle the Additional info control to edit this field.
Fill out the fields in the pop-up window and click Submit.
MSR generates a JSON-formatted scanner report, which it bundles into a file together with the scan data. This file downloads to your local drive, at which point you can share it as needed with Mirantis Customer Support.
To submit a scanner report along with the associated image, bundle the items
.tgz file and include that file in a new Mirantis Customer
To download the relevant image:
docker save <msr-address>/<user>/<image-name>:tag <image-name>.tar
To bundle the report and image as a
tar -cvzf scannerIssuesReport.tgz <image-name>.tar scannerIssuesReport.json