The DevOps Image management widget provides intuitive navigation for releases, services, and severities.
The Image Management feature within the DevOps Intelligence suite gives users insight into the software images used within your organization's software development lifecycle. It grants you access to pertinent data about these images, facilitating your decision-making processes.
Image Management allows you to keep track of the various components of modern software, which often include a blend of in-house developed source code and third-party libraries, mainly open-source ones. With the rising dependence on open-source libraries, security vulnerabilities and license compliance issues can arise; the Image Management feature helps you avoid such issues, keeping your software assets safe and secure.
At a macro level, the Image Management feature gathers crucial data about the images used in the software development lifecycle. This includes the total count of unique images, the number of images with vulnerabilities, and images not scanned in the last 150 days.
To view the Image management dashboard, you must:
From the top left menu button, select DevOps Intelligence.
Select the Build option and expand the menu.
Select Image management.
On this dashboard, you will see an Image management widget, a Top 5 applications with vulnerable images graph, and an Image details table.
Key Image vulnerability management metrics
The Image Management Metrics are split into four categories:
Overall unique images: This metric includes the total count of unique images from the latest master images; even if a single technical service contains multiple images, it counts as one. The percentage of these images that are open-source is also displayed.
Images with vulnerabilities: This represents the number and percentage of images with vulnerabilities. This metric also shows the percentage increase or decrease in vulnerable images over the last 30 days compared with the previous 30 days.
Images with multiple critical/high vulnerabilities: This metric represents the total number of images with multiple critical or high vulnerabilities out of the total vulnerable images.
Images Not Scanned in the Last 150 Days: Displays the number of images not scanned in the last 150 days.
Images not scanned in last 150 days
Once selected, the Images not scanned in the last 150 days section provides detailed information about the Top 5 applications with vulnerable images, and the Image details table presents the images that have not undergone a scan in the past 150 days.
Top 5 applications with vulnerable images
The vulnerabilities by severity graph for the Top 5 applications shows the total number of vulnerabilities distributed across two severity categories: Critical and High.
This visualization supports:
Application Filtering: The graph adjusts based on the selection in the application dropdown menu. By default, it displays data for all applications.
Timeline Adjustment: It supports a selectable timeline that defaults to the past 7 days and can be adjusted as needed.
Release Selection: The graph also updates based on the selected release from the Release dropdown.
Image details table
The Image details table provides a detailed view of each image's vulnerabilities. The table adjusts based on the selections made in two dropdowns: Technical service and Severities. It shows all applications and data from the past 7 days by default. Here's what each column represents:
Image: The name of the image.
Version: The version of the image.
Technical service: The technical service associated with the image.
Application: The application to which the image is linked.
Release: The release under which the image falls.
Total vulnerabilities: The total number of identified vulnerabilities.
Critical and High: The number of vulnerabilities categorized based on their severity.
Last scanned: The last date the image was scanned for vulnerabilities.
Tools Engine: Displays the name of the tool engine in use.
The Image details table displays all data based on the timeframe selected. All columns in this table can be sorted except the Tool engine column. Above this table, you will find a search box that allows searching technical services by name and a Settings icon that allows you to change the settings to show or hide pre-selected columns. Additionally, an export function allows you to download a zip report of the table for offline analysis and record-keeping.
Image details view
The Image details view can be accessed by selecting the vertical ellipsis menu located to the far right of the image in the table and selecting View details. This page provides a comprehensive view of the vulnerabilities associated with a specific image: you will see the Image name, the Version, and a Vulnerability summary categorized as Critical and High.
The table on this page gives detailed information about each vulnerability as follows:
Package Name: The package associated with the image.
Path: The path to the package.
Issue ID: The unique identifier for the vulnerability.
Severity: The severity level of the vulnerability.
Description: A summary of the vulnerability.
CVSS Score: A numerical representation, ranging from 0-10, of the severity of a security vulnerability.
Fixed Version: The version where the vulnerability has been addressed and resolved.