From 8b0d0a7a848c8ee1c2f7f1a3010b426f9598c96a Mon Sep 17 00:00:00 2001 From: encalada Date: Tue, 16 Jul 2024 13:14:55 +0200 Subject: [PATCH] Fiy some markdown formatting for Vulscan blog --- .../posts/2024-07-15-vulnerability-scanning.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/content/en/blog/posts/2024-07-15-vulnerability-scanning.md b/content/en/blog/posts/2024-07-15-vulnerability-scanning.md index 7e39bdb4..c8027a7a 100644 --- a/content/en/blog/posts/2024-07-15-vulnerability-scanning.md +++ b/content/en/blog/posts/2024-07-15-vulnerability-scanning.md @@ -28,7 +28,7 @@ You can learn more by visiting this [link](https://shipwright.io/blog/2020/11/30 Vulnerability scanning for container images involves examining the image for known security vulnerabilities. This is typically done using automated tools that compare the contents of the image against a database of known vulnerabilities. The key reasons for Vulnerability Scanning are: - **Security**: Containers often include third-party libraries and dependencies, which might have known vulnerabilities. If these vulnerabilities are exploited, they can lead to data breaches, unauthorized access, and other security incidents. -- **Compliance: Many industries have regulatory requirements that mandate regular security assessments, including vulnerability scanning. Ensuring your container images are free from known vulnerabilities helps in meeting these compliance standards. +- **Compliance**: Many industries have regulatory requirements that mandate regular security assessments, including vulnerability scanning. Ensuring your container images are free from known vulnerabilities helps in meeting these compliance standards. - **Stability**: Vulnerabilities can also impact the stability and performance of your applications. By identifying and fixing these issues early, you can maintain the reliability of your software. There are many popular tools available for vulnerability scanning of container images, such as Clair, Trivy, Aqua Security, and Snyk. @@ -54,14 +54,14 @@ spec: **Configuration Options** -- `vulnerabilityScan.enabled`:  Specify whether to run vulnerability scan for image. The supported values are true and false. -- `vulnerabilityScan.failOnFinding`:  Indicates whether to fail the build run if the vulnerability scan results in vulnerabilities. The supported values are true and false. This field is optional and false by default. -- `vulnerabilityScan.ignore.issues`:  References the security issues to be ignored in vulnerability scan -- `vulnerabilityScan.ignore.severity`:  Denotes the severity levels of security issues to be ignored, valid values are : - - low : it will exclude low severity vulnerabilities, displaying only medium, high and critical vulnerabilities - - medium : it will exclude low and medium severity vulnerabilities, displaying only high and critical vulnerabilities - - high : it will exclude low, medium and high severity vulnerabilities, displaying only the critical vulnerabilities -- `vulnerabilityScan.ignore.unfixed`:  Indicates to ignore vulnerabilities for which no fix exists. The supported types are true and false. +- `vulnerabilityScan.enabled`: Specify whether to run vulnerability scan for image. The supported values are true and false. +- `vulnerabilityScan.failOnFinding`: Indicates whether to fail the build run if the vulnerability scan results in vulnerabilities. The supported values are true and false. This field is optional and false by default. +- `vulnerabilityScan.ignore.issues`: References the security issues to be ignored in vulnerability scan +- `vulnerabilityScan.ignore.severity`: Denotes the severity levels of security issues to be ignored, valid values are: + - low: it will exclude low severity vulnerabilities, displaying only medium, high and critical vulnerabilities. + - medium: it will exclude low and medium severity vulnerabilities, displaying only high and critical vulnerabilities. + - high: it will exclude low, medium and high severity vulnerabilities, displaying only the critical vulnerabilities. +- `vulnerabilityScan.ignore.unfixed`: Indicates to ignore vulnerabilities for which no fix exists. The supported types are true and false. ## Lets dive right in