You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md
+9-5Lines changed: 9 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ title: Identify vulnerabilities in Azure Container Registry with Microsoft Defen
3
3
description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities.
4
4
author: bmansheim
5
5
ms.author: benmansheim
6
-
ms.date: 01/11/2023
6
+
ms.date: 05/09/2023
7
7
ms.topic: how-to
8
8
ms.custom: ignite-2022
9
9
---
@@ -30,8 +30,7 @@ The triggers for an image scan are:
30
30
31
31
- Continuous scan for running images. This scan is performed every seven days for as long as the image runs. This mode runs instead of the above mode when the Defender profile, or extension is running on the cluster.
32
32
33
-
When a scan is triggered, findings are available as Defender for Cloud recommendations from 2 minutes up to 15 minutes after the scan is complete.
34
-
33
+
Once a scan is triggered, scan results will typically appear in the Defender for Cloud recommendations after a few minutes, but in some cases it may take up to an hour.
35
34
## Prerequisites
36
35
37
36
Before you can scan your ACR images:
@@ -145,8 +144,8 @@ To create a rule:
145
144
146
145
1. To view, override, or delete a rule:
147
146
1. Select **Disable rule**.
148
-
1. From the scope list, subscriptions with active rules show as **Rule applied**.
149
-
:::image type="content" source="./media/remediate-vulnerability-findings-vm/modify-rule.png" alt-text="Modify or delete an existing rule.":::
147
+
1. From the scope list, subscriptions with active rules appear as **Rule applied**.
148
+
:::image type="content" source="./media/remediate-vulnerability-findings-vm/modify-rule.png" alt-text="Screenshot showing the scope list.":::
150
149
1. To view or delete the rule, select the ellipsis menu ("...").
151
150
152
151
## View vulnerabilities for images running on your AKS clusters
@@ -166,6 +165,11 @@ Defender for Containers pulls the image from the registry and runs it in an isol
166
165
167
166
Defender for Cloud filters and classifies findings from the scanner. When an image is healthy, Defender for Cloud marks it as such. Defender for Cloud generates security recommendations only for images that have issues to be resolved. By only notifying you when there are problems, Defender for Cloud reduces the potential for unwanted informational alerts.
168
167
168
+
### What is the difference between Not Applicable Resources and Unverified Resources?
169
+
170
+
-**Not applicable resources** are resources for which the recommendation can't give a definitive answer. The not applicable tab includes reasons for each resource that could not be assessed.
171
+
-**Unverified resources** are resources that have been scheduled to be assessed, but have not been assessed yet.
172
+
169
173
### Does Microsoft share any information with Qualys in order to perform image scans?
170
174
171
175
No, the Qualys scanner is hosted by Microsoft, and no customer data is shared with Qualys.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments