Trust|Untrust CVEs and Images Globally

Sysdig Secure allows users to put specific CVEs on a Global Exception list. For example, a low-risk CVE can be globally excepted to prevent it from impacting builds that include more critical fixes. Additionally, specific images can be marked as globally trusted or untrusted to ensure they always/never pass a scan.

[Image: scan_lists.png]

Tip

Previous versions of Sysdig Secure called this feature Whitelist and Blacklist, and the options were located under the Scanning Policies tab.

Note that "blacklist" options for other entities, such as users, ports, packages, etc., are listed in Scanning Policy Gates and Triggers.

Add CVEs to the Global Exception List

There are two ways to add CVEs to the Exception list: from the list or from a scan result.

From the Global Exceptions List:

  1. From the Image Scanning module, select Vulnerability Exceptions.

    The list of vulnerabilities already on the global exception list is displayed.

  2. Select Add Vulnerability.

    [Image: scan_vuln.png]
  3. Add each CVE in a comma-separated list, then click Ok to save.

    Each item in the list must follow the CVE naming format (CVE-YEAR-ID).

From the Scan Results:

  1. From the Image Scanning module, choose Scan Results and select one of the listed repos.

    If there is a fail result related to a vulnerability, you can whitelist that CVE.

  2. Click the More Options (+) icon beside the relevant CVE.

    [Image: 374670754.png]
  3. Select Add Whitelist.

Add Images to a Global List

There are two ways to add images to a Global Trusted or Untrusted list: from the list or from a scan result.

From the Global list:

  1. From the Image Scanning module, select either Global - Trusted Images or Global - Untrusted Images.

    The list of previously added images is displayed.

  2. Click the Add Image button.

  3. Add each image in a comma-separated list, then click Ok.

    A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes.

    A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
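As an added example (not part of the Sysdig documentation), the following Python pre-check applies the entry rules above, the CVE-YEAR-ID format for the exception list and the tag rules for trusted/untrusted images, to a comma-separated field before it is pasted into the dialog. The digit counts for CVE IDs and the "latest" default for untagged references are assumptions, and all sample values are constructed.

```python
import re

# CVE identifier format described on the page: CVE-YEAR-ID. Assumption: YEAR is
# four digits and ID is at least four digits, following the MITRE CVE syntax.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Tag rule from the page: ASCII letters, digits, underscores, periods and dashes;
# must not start with a period or a dash; at most 128 characters.
TAG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def split_list(text: str) -> list[str]:
    """Split a comma-separated entry field, dropping blank items and whitespace."""
    return [item.strip() for item in text.split(",") if item.strip()]


def validate_cves(text: str) -> tuple[list[str], list[str]]:
    """Return (accepted, rejected) CVE IDs from a comma-separated string."""
    accepted, rejected = [], []
    for item in split_list(text):
        (accepted if CVE_RE.fullmatch(item) else rejected).append(item)
    return accepted, rejected


def validate_tag(tag: str) -> bool:
    """Check one image tag against the page's tag rules."""
    return tag.isascii() and TAG_RE.fullmatch(tag) is not None


def validate_images(text: str) -> tuple[list[str], list[str]]:
    """Return (accepted, rejected) image references from a comma-separated string.

    The tag is taken as the text after the last ':' unless that text contains a
    '/', which means the colon belonged to a registry port, not a tag.
    """
    accepted, rejected = [], []
    for ref in split_list(text):
        _name, sep, tag = ref.rpartition(":")
        if not sep or "/" in tag:
            tag = "latest"  # assumption: untagged references default to "latest"
        (accepted if validate_tag(tag) else rejected).append(ref)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input, not real exception-list contents.
    print(validate_cves("CVE-2023-12345, cve-2023-1, CVE-2022-0001"))
    print(validate_images("nginx:1.25, registry.example.com:5000/app, app:-bad"))
```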

From the Scan Results:

  1. From the Image Scanning module, choose the Scan Results tab.

  2. Select the relevant repository from the list and open the relevant image.

  3. Click Add to List at the top of the page.

    [Image: 374670761.png]
  4. Select either Add Image to Trusted Images or Add Image to Untrusted Images as needed.

Remove a CVE or Image from a List

To remove one or more CVEs or images from any of the lists:

  1. From the Image Scanning menu, select one of the three lists.

  2. Click the Delete (X) icon beside the relevant CVE/image.

  3. Click Save.