Cloud Services

DevOps Intelligence

Image management
Published On May 16, 2024 - 11:07 AM

Image management

DevOps Image management widget provides intuitive navigation with dropdowns for Releases, Services, and Severities.
As a user, the Image Management feature within Kyndryl's DevOps Intelligence suite is invaluable for gaining insights into the software images used within your organization's software development lifecycle. This feature grants you access to pertinent data about these images, facilitating your decision-making processes.
The Image Management feature proves highly beneficial due to its capacity to keep track of the various components of modern software, which often includes a blend of in-house developed source code and third-party libraries, especially open-source ones. With the rising dependence on open-source libraries, monitoring them is imperative due to their convenience and ability to reduce time-to-market significantly. These libraries, while advantageous, can potentially introduce security vulnerabilities and license compliance issues. The Image Management feature helps you avoid such issues, keeping your software assets safe and secure.
At a macro level, the Image Management feature gathers crucial data about the images used in the software development lifecycle. This includes the total count of unique images, the number of images with vulnerabilities, and images not scanned in the last 150 days.
To view the Image management dashboard, you must:
  1. On the top left menu button, select
    DevOps Intelligence
  2. Navigate to
    Build
    and expand the menu
  3. Select
    Image management
On this dashboard, you will be presented with an Image management widget, a Top 5 applications with vulnerable images, and an Image details table.

Key Image vulnerability management metrics

The Image Management Metrics are split into four categories:
  • Overall unique images
    : This metric includes the total count of unique images from the latest master images; even if a single technical service contains multiple images, it counts as one. The percentage of these images that are open-source is also displayed.
  • Images with vulnerabilities
    : This represents the number and percentage of images with vulnerabilities. This metric also compares the vulnerability image percentage increase or decrease in the last 30 days concerning the previous 30 days.
  • Images multiple critical/high vulnerabilities
    : This metric represents the total number of images with multiple critical or high vulnerabilities out of the total vulnerable images.
  • Images Not Scanned in the Last 150 Days
    : Displays the number of images not scanned in the last 150 days.

Images not scanned in last 150 days

Once selected, the Images not scanned in the last 150 days section will provide detailed information about the Top 5 applications with vulnerable images and will also be displayed in the Image details table, presenting images that have not undergone a scan in the past 150 days.

Top 5 applications with vulnerable images

The vulnerabilities by severity for the Top 5 applications graph comprehensively shows the total number of vulnerabilities distributed across two severity categories: Critical and High.
This visualization supports:
  • Application Filtering
    : The graph adjusts based on the selection in the application dropdown menu. By default, it displays data for all applications.
  • Timeline Adjustment
    : It supports a selectable timeline that defaults to the past 7 days and can be adjusted as needed.
  • Release Selection
    : The graph also updates based on the selected release from the Release dropdown.

Image details table

The Image details table provides a detailed view of each image's vulnerabilities. The table adjusts based on the selections made in two dropdowns: Technical service, and Severities. It shows all applications and data from the past 7 days by default. Here's what each column represents:
  • Image
    : The name of the image.
  • Version
    : The version of the image.
  • Technical service
    : The technical service associated with the image.
  • Application
    : The application to which the image is linked.
  • Release
    : The release under which the image falls.
  • Total vulnerabilities
    : The total number of identified vulnerabilities.
  • Critical
    and
    High
    : The number of vulnerabilities categorized based on their severity.
  • Last scanned
    : The last date the image was scanned for vulnerabilities.
  • Tools Engine
    : Displays the name of the tool engine in use.
The Image details table displays all data based on the timeframe selected. All columns in this table can be sorted except the Tool engine column. Above this table, you will find a search box that allows searching technical services by name and a
Settings
icon that allows you to change the settings to show or hide pre-selected columns. Additionally, an export function allows you to download a zip report of the table for offline analysis and record-keeping.

Image details view

The Image details view can be accessed by selecting the vertical ellipsis menu located to the far right of the image in the table and selecting
View details
; this page provides a comprehensive view of the vulnerabilities associated with a specific image; you will see the Image name, the Version, and a Vulnerability summary categorized as Critical and High.
The table on this page gives detailed information about each vulnerability as follows:
  • Package Name
    : The package associated with the image.
  • Path
    : The path to the package.
  • Issue ID
    : The unique identifier for the vulnerability.
  • Severity
    : The severity level of the vulnerability.
  • Description
    : A summary of the vulnerability.
  • CVSS Score
    : A numerical representation, ranging from 0-10, of the severity of a security vulnerability.
  • Fixed Version
    : The version where the vulnerability has been addressed and resolved.
Do you have two minutes for a quick survey?
Take Survey