articles/marketplace/azure-container-certification-faq.yml
4 additions & 4 deletions
@@ -26,14 +26,14 @@ sections:
26
26
answer: |
27
27
A vulnerability is an exploitable risk and/or an unsecured entry points that can be used by malicious actors for nefarious actions.
28
28
29
-
Marketplace Container Certification uses MS Defender for cloud which scans images in ACR for vulnerabilties based on CVSS v3 score (Common Vulnerability Scoring System). All container products with vulnerabilities with CVSS v3 score greater than or equal to 7 are blocked. There may be rare instances where specific CVE IDs with even lower scores are blocked by certification.
29
+
Marketplace Container Certification uses MS Defender for cloud, which scans images in ACR for vulnerabilties based on CVSS v3 score (Common Vulnerability Scoring System).. All container products with vulnerabilities with CVSS v3 score greater than or equal to 7 are blocked. There may be rare instances where specific CVE IDs with even lower scores are blocked by certification.
30
30
Certification tries to provide remediation steps for each vulnerability so publishers can fix them.
31
31
32
-
You can also use MS Defender or open source/paid software such as Aqua Security, Qualys Container Security, Clair, Twist Lock for scanning your images before publishing and removing at least high and critical vulnerabilities to ensure high rate of passing.
33
-
These tools are just examples of the tools available for scanning online. ISVs are free to choose any other tool which is the right fit for them (even if it is not part of the list here) as long as it identifies vulnerabilities.
32
+
You can also use MS Defender or open source/paid software such as Aqua Security, Qualys Container Security, Clair, Twist Lock for scanning your images before publishing. You must remove at least high and critical vulnerabilities to ensure high rate of passing.
33
+
These tools are just examples of the tools available for scanning online. ISVs are free to choose any other tool, which is the right fit for them (even if it is not part of the list here) as long as it identifies vulnerabilities.
34
34
35
35
>[!NOTE]
36
-
>The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
36
+
>The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, and a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
37
37
38
38
>[!NOTE]
39
39
>There are rare scenarios where products might have excessive number of vulnerabilties and we are not able to share results for all of them in certification report. We recommend you to scan such products before publishing. You can also reach out to us at [Marketplace Publisher Support](https://aka.ms/marketplacepublishersupport) to get details in email.
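Review bot: The rewritten sentence at new line 29 ends with a doubled period, "(Common Vulnerability Scoring System)..", and still carries the misspelling "vulnerabilties", which also appears in the unchanged note at line 39; drop the extra period and spell it "vulnerabilities" in both places. At new line 33, the added comma in "any other tool, which is the right fit for them" turns a restrictive clause into an aside; "any other tool that is the right fit for them" keeps the intended meaning. At new line 32, "You must remove at least high and critical vulnerabilities to ensure high rate of passing" now reads as a requirement where the old text was a recommendation. Since line 29 already says that products with a CVSS v3 score greater than or equal to 7 are blocked, consider tying the "must" to that threshold explicitly, and add the missing article ("a high rate of passing").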