Scanner reporting¶
You can review and submit the vulnerability scanning results to Mirantis Customer Support to help with the troubleshooting process.
Possible scanner report issues include:
Scanner crashes
Improperly extracted containers
Improperly detected components
Incorrectly matched backport
Vulnerabilities improperly matched to components
Vulnerability false positives
Export a scanner report¶
Log in to the MSR web UI.
In the left-side navigation panel, select Repositories.
Click the required repository and select the Tags tab.
Navigate to the required image and click View details.
Click Export Report and select:
Export as JSON to use for support and diagnostics.
Export as CSV to use for further processing by Windows or Linux shell scripts.
Find the report as either
scannerReport.json``or ``scannerReport.txt
in your browser downloads directory.
Submit a scanner report¶
To send a scanner report directly to Mirantis Customer Support:
Log in to the MSR web UI.
Navigate to View Details and click Components.
Click Show layers affected for the layer you want to report.
Click Report Issue. A pop-up window displays with the fields detailed in the following table:
Field
Description
Component
Automatically filled out and not editable. If the information is incorrect, make a note in the Additional info field.
Reported version or date
Automatically filled out and not editable. If the information is incorrect, make a note in the Additional info field.
Report layer
Indicate the image or image layer. Options include: Omit layer, Include layer, Include image.
False Positive(s)
Optional. Select from the drop-down menu all CVEs you suspect are false positives. Toggle the False Positive(s) control to edit the field.
Missing Issue(s)
Optional. List CVEs you suspect are missing from the report. Enter CVEs in the format
CVE-yyyy-####
orCVE-yyyy-#####
and separate each CVE with a comma. Toggle the Missing Issue(s) control to edit the field.Incorrect Component Version
Optional. Enter any incorrect component version information in the Missing Issue(s) field. Toggle the Incorrect Component Version control to edit the field.
Additional info
Optional. Indicate anything else that does not pertain to other fields. Toggle the Additional info control to edit this field.
Fill out the fields in the pop-up window and click Submit.
MSR generates a JSON-formatted scanner report, which it bundles into a file together with the scan data. This file downloads to your local drive, at which point you can share it as needed with Mirantis Customer Support.
Important
To submit a scanner report along with the associated image, bundle the items
into a .tgz
file and include that file in a Mirantis Customer
Support ticket.
To download the relevant image:
docker save <msr-address>/<user>/<image-name>:tag <image-name>.tar
To bundle the report and image as a .tgz
file:
tar -cvzf scannerIssuesReport.tgz <image-name>.tar scannerIssuesReport.json