Sysdig Documentation

Whitelist | Blacklist CVEs and Images

Sysdig Secure allows users to define CVEs and images as globally trusted or blacklisted. For example, a low-risk CVE can be globally approved so that it does not block builds that include more critical fixes. Likewise, specific images can be marked as globally trusted or globally blacklisted so that they always or never pass a scan.

Tip

Blacklist options for other entities, such as users, ports, packages, etc., are listed in Scanning Policy Gates and Triggers.

Review the Whitelisted/Blacklisted CVEs and Images

To review the current list of whitelisted/blacklisted CVEs and images:

  1. From the Image Scanning module, select Scanning Policies.

  2. Click the Whitelists and Blacklists button.

  3. Choose the relevant tab (CVE Whitelist, Global Trusted Images, or Global Blacklisted Images).

Whitelist a CVE

There are two ways to whitelist a CVE - from the Scanning Policies tab, and from the Repositories tab.

From the Scanning Policies Tab:

  1. From the Image Scanning module, select Scanning Policies.

  2. Click Whitelists and Blacklists.

  3. Click Add CVE, add each CVE in a comma-separated list, then click Ok to save.

    Each item in the list must follow the CVE naming format (CVE-YEAR-ID).


From the Repositories Tab

  1. From the Image Scanning module, choose Repositories and select one of the listed repos.

    If there is a policy result related to a vulnerability, you can whitelist that CVE.

  2. Click the More Options (+) icon beside the relevant CVE.

  3. Select Add CVE to Global Whitelist.

The CVE will now be listed in the CVE Whitelist tab.

Whitelist / Blacklist an Image

Note

If an image appears in both the Global Trusted Images list and the Global Blacklisted Images list, the blacklist takes precedence.

There are two ways to whitelist or blacklist an image - from the Scanning Policies tab, and from the Repositories tab.

From the Scanning Policies tab:

  1. From the Image Scanning module, select Scanning Policies.

  2. Click Whitelists and Blacklists.

  3. Choose the relevant tab (Global Trusted Images or Global Blacklisted Images) and click the Add Image button.

  4. Add each image in a comma-separated list, then click Ok.

    A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes.

    A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
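A pre-submission check for the inputs these steps describe, as an added example that is not Sysdig's code: it validates a comma-separated CVE list against the CVE-YEAR-ID format and an image list against the tag rules above, and applies the precedence rule from the note (an image in both lists is blacklisted). The regular expressions and the way a tag is split off an image reference are assumptions; the Sysdig UI performs its own validation.

```python
import re

# Assumed patterns: a CVE id is CVE-<4-digit year>-<4 or more digits>; a tag is
# 1..128 ASCII letters, digits, '_', '.' or '-' and may not start with '.' or '-'.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")


def parse_list(raw):
    """Split a comma-separated field, dropping surrounding whitespace and empty items."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def validate_cves(raw):
    """Return (valid, invalid) CVE identifiers from a comma-separated string."""
    valid, invalid = [], []
    for cve in parse_list(raw):
        (valid if CVE_RE.fullmatch(cve) else invalid).append(cve)
    return valid, invalid


def tag_of(image_ref):
    """Assumed split of an image reference: the tag follows the last ':' in the
    final path component, so a registry port (host:5000/img) is not taken for a
    tag; a digest suffix (@sha256:...) is ignored. Returns None if no tag."""
    name = image_ref.rsplit("/", 1)[-1].split("@", 1)[0]
    return name.split(":", 1)[1] if ":" in name else None


def validate_images(raw):
    """Return (valid, invalid) image references from a comma-separated string.
    A reference without an explicit tag is accepted; a present tag must match TAG_RE."""
    valid, invalid = [], []
    for ref in parse_list(raw):
        tag = tag_of(ref)
        ok = tag is None or TAG_RE.fullmatch(tag) is not None
        (valid if ok else invalid).append(ref)
    return valid, invalid


def effective_status(image_ref, trusted, blacklisted):
    """Apply the page's precedence rule: blacklist wins over trusted; an image in
    neither list is simply evaluated by the scanning policy."""
    if image_ref in blacklisted:
        return "blacklisted"
    if image_ref in trusted:
        return "trusted"
    return "evaluated by policy"
```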

From the Repositories tab:

  1. From the Image Scanning module, choose the Repositories tab.

  2. Select the relevant repository from the list and open the relevant image.

  3. Click the More Options (+) icon at the top of the page:

  4. Select either Add Image to Trusted Images or Add Image to Blacklisted Images as needed.

The image will now be listed in the Global Trusted Images tab or the Global Blacklisted Images tab, as appropriate.

Remove a CVE or Image from the Whitelist/Blacklist

To remove one or more CVEs or Images from the various lists:

  1. From the Image Scanning module, select Scanning Policies.

  2. Click Whitelists and Blacklists.

  3. Navigate to the relevant tab (CVE Whitelist, Global Trusted Images, or Global Blacklisted Images).

  4. Click the Delete (X) icon beside the relevant CVEs/images.

  5. Click Save.