Scan images for vulnerabilities

Mirantis Secure Registry (MSR) can scan images for security vulnerabilities listed in the US National Vulnerability Database. Scan results are reported for each image tag in a repository.

Security scanning is available as an add-on to MSR. If security scan results are not available on your repositories, your organization may not have purchased the security scanning feature or it may be disabled. Administrator permissions are required to enable security scanning on your MSR instance.

Important

While scanning images for security vulnerabilities, MSR temporarily extracts the contents of your images to disk. If these images contain malware, external scanners may wrongly attribute that malware to MSR. The key indication of this is the detection of malware in the dtr-jobrunner container in /tmp/findlib-workdir-*.

To prevent any recurrence of the issue, Mirantis recommends configuring the run-time scanner to exclude files found in the MSR dtr-jobrunner containers in /tmp, or more specifically, if wildcards can be used, in /tmp/findlib-workdir-*.
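
The following triage helper is an added example, not Mirantis code. It applies the same narrow match (dtr-jobrunner container plus /tmp/findlib-workdir-*) to run-time scanner alerts, so that detections in extracted image content can be traced back to the scanned image while everything else is still investigated. The alert fields (id, container, path) and the assumption that container names begin with dtr-jobrunner are hypothetical; the sample alerts are constructed.

```python
import fnmatch
import posixpath

JOBRUNNER_PREFIX = "dtr-jobrunner"        # container named on the page
WORKDIR_GLOB = "/tmp/findlib-workdir-*"   # path pattern named on the page

def is_scan_workdir(path):
    """True if path is a findlib work directory or something inside one."""
    # Normalise first so '..' segments cannot widen the exclusion.
    norm = posixpath.normpath(path)
    parts = norm.split("/")               # ['', 'tmp', 'findlib-workdir-x', ...]
    if len(parts) < 3 or parts[0] != "" or parts[1] != "tmp":
        return False
    return fnmatch.fnmatchcase("/tmp/" + parts[2], WORKDIR_GLOB)

def classify(alert):
    """Return 'image-content' for extracted image files, else 'investigate'."""
    in_jobrunner = alert["container"].startswith(JOBRUNNER_PREFIX)
    if in_jobrunner and is_scan_workdir(alert["path"]):
        return "image-content"
    return "investigate"

def triage(alerts):
    """Group alert ids by classification."""
    groups = {"image-content": [], "investigate": []}
    for alert in alerts:
        groups[classify(alert)].append(alert["id"])
    return groups

# Constructed sample alerts (assumed field names, not real scanner output).
SAMPLE_ALERTS = [
    {"id": 1, "container": "dtr-jobrunner-0123456789ab",
     "path": "/tmp/findlib-workdir-839201/layer/usr/bin/tool"},
    {"id": 2, "container": "dtr-jobrunner-0123456789ab",
     "path": "/tmp/findlib-workdir-839201/../../usr/bin/tool"},
    {"id": 3, "container": "dtr-jobrunner-0123456789ab",
     "path": "/tmp/other/tool"},
    {"id": 4, "container": "dtr-registry-0123456789ab",
     "path": "/tmp/findlib-workdir-839201/tool"},
]

if __name__ == "__main__":
    for label, ids in triage(SAMPLE_ALERTS).items():
        print(label, ids)
```

An alert classified as image-content points at a scanned image rather than at MSR itself, so the image that was being scanned at the time still needs to be identified.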