← Back to Mirantis Kubernetes Engine Security Technical Implementation Guide

V-260943

CAT II (Medium)

Vulnerability scanning must be enabled for all repositories in MSR.

Rule ID

SV-260943r966186_rule

STIG

Mirantis Kubernetes Engine Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001067 CCI-002605 CCI-000366

Discussion

Enabling vulnerability scanning for all repositories in Mirantis Secure Registry (MSR) is a critical security practice that helps organizations identify and mitigate potential security risks associated with container images. Enabling scanning for all repositories in MSR helps identify and prioritize security issues that could pose risks to the containerized applications.

Check Content

If MSR is not being utilized, this is Not Applicable.

Check image vulnerability scanning enabled for all repositories.

Log in to the MSR web UI and navigate to System >> Security Tab.

Verify that the "Enable Scanning" slider is turned on and the vulnerability database has been successfully synced (online) or uploaded (offline).

If the "Enable Scanning" slider is tuned off, this is a finding.

If the vulnerability database is not synced or uploaded, this is a finding.

Fix Text

If MSR is not being utilized, this is Not Applicable.

Enable vulnerability scanning on the MSR UI by logging in to the MSR web UI and navigating to System >> Security Tab.

Click the "Enable Scanning" slider to enable this capability.

Sync (online) or upload (offline) the vulnerability database.