Defender for Cloud helps you identify and prioritize vulnerabilities in images currently used by workloads running on Kubernetes clusters.
To generate these findings, Defender for Cloud builds an inventory of your Kubernetes workloads by using supported discovery and protection components, and correlates that inventory with vulnerability data for the images used by those workloads.
Vulnerability findings for running containers are shown as security recommendations in Defender for Cloud. The steps in this article use the Flat list recommendations view, which shows recommendations at the affected-resource level. Learn more about reviewing recommendations by title or by resource.
Note
During the transition from grouped to individual recommendations, you might see both recommendation formats in the portal. Learn more about transitioning from grouped to individual recommendations.
Prerequisites
Before you begin, make sure that Defender for Containers or Defender CSPM is enabled on your subscription with one of the following component combinations toggled on:
- Registry access and either Kubernetes API access or Defender sensor to map registry-scanned images to running workloads.
- Agentless scanning for machines and either Kubernetes API access or Defender sensor for registry-agnostic runtime vulnerability assessment.
View vulnerabilities for running containers
To view vulnerabilities for a running container:
1. Sign in to the Azure portal.
2. Go to Microsoft Defender for Cloud > Recommendations.
3. Select the Vulnerabilities tab.
4. Select the Flat list view.
5. Select Add filter.
6. Select Resource type.
7. Select Container.
8. Select Apply.
9. Select a recommendation.
10. Review the recommendation details, including the risk information, remediation guidance, and recommendation metadata.
11. Select the Associated CVEs tab to review the CVEs associated with the recommendation.
12. Select a CVE to view details such as severity, affected components, and fix version information.
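The same information (CVE, severity, affected containers, fix version) can be pulled outside the portal by querying Azure Resource Graph for Defender for Cloud sub-assessments and grouping the rows by CVE, which mirrors the "group by title" view. This is an added example, not code from the original article or from Microsoft: the KQL text and the field names (`properties.id`, `properties.status.severity`, `properties.resourceDetails.id`, `properties.additionalData.fixVersion`) are assumptions about the securityresources schema, and the rows are constructed so the script runs offline.

```python
from collections import defaultdict

# Assumed Azure Resource Graph query (KQL). The field names are ASSUMPTIONS
# about the securityresources sub-assessment schema; verify in your tenant.
CONTAINER_VULN_QUERY = """
securityresources
| where type == "microsoft.security/assessments/subassessments"
| project cve = tostring(properties.id),
          severity = tostring(properties.status.severity),
          resourceId = tostring(properties.resourceDetails.id),
          fixVersion = tostring(properties.additionalData.fixVersion)
"""

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample rows shaped like the projection above (placeholder ids).
SAMPLE_ROWS = [
    {"cve": "CVE-EXAMPLE-0001", "severity": "Critical",
     "resourceId": "/subscriptions/PLACEHOLDER/.../pods/web-1", "fixVersion": "1.2.3"},
    {"cve": "CVE-EXAMPLE-0001", "severity": "Critical",
     "resourceId": "/subscriptions/PLACEHOLDER/.../pods/web-2", "fixVersion": "1.2.3"},
    {"cve": "CVE-EXAMPLE-0002", "severity": "Medium",
     "resourceId": "/subscriptions/PLACEHOLDER/.../pods/web-1", "fixVersion": ""},
    {"cve": "CVE-EXAMPLE-0003", "severity": "High",
     "resourceId": "/subscriptions/PLACEHOLDER/.../pods/api-1", "fixVersion": "4.0.1"},
]


def group_by_cve(rows, min_severity="Medium"):
    """Group sub-assessment rows by CVE, keeping rows at or above min_severity.

    Returns {cve: {"severity", "fix_version", "resources"}} ordered by severity
    (descending) and then by how many containers the CVE affects.
    """
    threshold = SEVERITY_RANK.get(min_severity, 0)
    grouped = defaultdict(lambda: {"severity": "Low", "fix_version": "", "resources": set()})
    for row in rows:
        sev = row.get("severity", "Low")
        if SEVERITY_RANK.get(sev, 0) < threshold:
            continue
        entry = grouped[row["cve"]]
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(entry["severity"], 0):
            entry["severity"] = sev
        if row.get("fixVersion") and not entry["fix_version"]:
            entry["fix_version"] = row["fixVersion"]  # a fix version means the finding is patchable
        entry["resources"].add(row["resourceId"])
    ordered = sorted(grouped.items(),
                     key=lambda kv: (-SEVERITY_RANK[kv[1]["severity"]], -len(kv[1]["resources"])))
    return {cve: {**v, "resources": sorted(v["resources"])} for cve, v in ordered}


if __name__ == "__main__":
    for cve, info in group_by_cve(SAMPLE_ROWS, "High").items():
        print(f"{cve} [{info['severity']}] fix={info['fix_version'] or 'none'} "
              f"affects {len(info['resources'])} container(s)")
```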
Related content
- To find all containers affected by a specific vulnerability, see Group recommendations by title.
- To remediate vulnerabilities, see Remediate recommendations.
- Build Cloud Security Explorer queries for container vulnerabilities.