This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Reporting & Remediation

Once you have identified vulnerabilities against software in a container image, the next step is to remediation. This section covers typical usage patterns for reporting on vulnerabilities and running possible workflows for remediation.

Matching

On occasion, you may see a vulnerability identified by GHSA (GitHub Security Advisory) instead of CVE (Common Vulnerability Enumeration). The reason for this is that Anchore uses an order of precedence to match vulnerabilities from feeds. Anchore gives precedence to OS and third-party package feeds which often contain more up-to-date information and provide more accurate matches with image content. However, these feeds may provide GHSA vulnerability IDs instead of CVEs as provided by NVD (National Vulnerability Database) feeds.

The vulnerability ID Anchore reports depends on how the vulnerability is matched. The order of precedence is packages installed by OS package managers, then third-party packages (java, python, node), and then NVD. The GHSA feeds tend to be ahead of the NVD feeds, so there may be some vulnerabilities that match a GHSA before they match a CVE from NVD.

We are working to unify the presentation of vulnerability IDs to keep things more consistent. Currently our default is to report the CVE unless the GHSA provides a more accurate match.

Reporting

The Reports tab is your gateway to producing insights into the collective status of your container image environment based on the back-end Enterprise Reporting Service.

Note: Because the reporting data cycle is configurable, the results shown in this view may not precisely reflect actual analysis output at any given time.

For more information on how to modify this cycle or the Reporting Service in general, please refer to the Reporting Service documentation.

Custom Reports

The Report feature provides the tools to create custom reports, set a report to run on a schedule (or store the report for future use), and get notified when they’re executed in order to receive the insights you’re interested in for account-wide artifacts.

In addition, you can create user templates (also known as custom templates) that use any of the preconfigured system templates offered with the application as their basis, or create your own templates from scratch. Templates provide the structure and filter definitions the application uses in order to generate reports.

To jump to a particular guide, select from the following below:

1 - New Reports

Overview

The New Reports tab in the Reports view is where you can create a new report, either on an ad-hoc basis for immediate download, or for it to be saved for future use. Saved reports can be executed immediately, scheduled, or both.

Note: The New Reports tab will be the default tab selected in the Reports view when you don’t yet have any saved reports.

Reports created in this view are based on templates. Templates provide the output structure and filter definitions the user can configure in order for the application to generate the shape of the report. Anchore Enterprise client provides immediate access to a number of preconfigured system templates that can be used as the basis for user templates. For more information on how to create and manage templates, please refer to the Templates documentation.

Creating a Report

The initial view of the New Reports tab is shown below:

Initial Report View

In the above view you can see that the application is inviting you to select a template from the dropdown menu. You can either select an item from this dropdown or click in the field itself and enter text in order to filter the list.

Once a template is selected, the view will change to show the available filters for the selected template. The following screenshot shows the view after selecting the Artifacts by Vulnerability template:

Selected Report View

At this point you can click Preview Report to see the summary output and download the information, or you can refine the report by adding filters from the associated dropdown. As with the template selection, you can either select an item from the dropdown or click in the field itself and enter text in order to filter the list.

Selected Report View

After you click the Preview Report button, you are presented with the summary output and the ability to download the report in a variety of formats:

Selected Report View

At this point you can click any of the filters you applied in order to adjust them (or remove them entirely). The results will update automatically. If you want to add more filters you can click the [ Edit ] button and select more items from the available options and then click Preview Report again to see the updated results.

You can now optionally configure the output information by clicking the [ Configure Columns ] button. The resulting popup allows you to reorder and rename the columns, as well as remove columns you don’t want to see in the output or add columns that are not present by default:

Selected Report View

Once you’re satisfied with the output, click Download Full Report to download the report in the selected format. The formats provided are:

  • CSV - comma-separated values, with all nested objects flattened into a linear list of items
  • Flat JSON - JavaScript object notation, with all nested objects flattened into a linear list of items
  • Raw JSON - JavaScript object notation, with all nested objects preserved

Saving a Report

The above describes the generation of an ad-hoc report for download, which may be all you need. However, you can also save the report for future use. To do so, click the Save Report button. The following popup will appear:

Selected Report View

Provide a name and optional description for the report, and then select whether you want to save the report and store results immediately, set it to run on a schedule, or both. If you select the Generate Report option, you can then select the frequency of the report generation. Once you’re satisfied with the configuration, click Save.

The saved report will be stored under Saved Reports and you will immediately be transitioned to this view on success. The features within this view are described in the Saved Reports section.

2 - Quick Report

Overview

Generate a report utilizing the back-end Enterprise Reporting Service through a variety of formats - table, JSON, and CSV. If you’re interested in refining your results, we recommend using the plethora of optional filters provided.

Note: Because the reporting data cycle is configurable, the results shown in this view may not precisely reflect actual analysis output at any given time.

For more information on how to modify this cycle or the Reporting Service in general, please refer to the Reporting Service documentation.

The following sections in this document describe how to select a query, add optional filters, and generate a report.

Reports

Selecting a Query

To select a query, click the available dropdown present in the view and select the type of report you’re interested in generating.

Images Affected by Vulnerability

View a list of images and their various artifacts that are affected by a vulnerability. By default, a couple optional filters are provided:

FilterDescription
Vulnerability IdVulnerability ID
Tag Current OnlyIf set to true, current tag mappings are evaluated. Otherwise, all historic tag mappings are evaluated
Policy Compliance History by Tag

Query your policy evaluation data using this report type. By default, this report was crafted with compliance history in mind. Quite a few optional filters are provided to include historic tag mappings and historic policy evaluations from any policy that is or was set to active. More info below:

FilterDescription
Registry NameName of the registry
Repository NameName of the repository
Tag NameName of the tag
Tag Current OnlyIf set to true, current tag mappings are evaluated. Otherwise, all historic tag mappings are evaluated
Policy Evaluation Latest OnlyIf set to true, only the most recent policy evaluation is processed. Otherwise, all historic policy evaluations are evaluated
Policy ActiveIf set to true, only the active policy at the time of this query is used. Otherwise, all historically active policies are also included. This attribute is ignored if a policy ID or digest is specified in the filter

Note that the default filters provided are optional.

Adding Optional Filters

Once a report type has been selected, an Optional Filters dropdown becomes available with items specific to that Query. Such as those listed above, any filters considered default to that report type are also shown.

You can remove any filters you don’t need by pressing the in their top right corner but as long as they’re empty/unset, they will be ignored at the time of report generation.

Generating a Report

After a report type has been selected, you immediately can Generate Report by clicking the button shown in the bottom left of the view.

By default, the Table format is selected but you can click the dropdown and modify the format for your report by selecting either JSON or CSV.

Table

A fast and easy way to browse your data, the table report retrieves paginated results and provides optional sorting by clicking on any column header. Each column is also resizable for your convenience. You can choose to fetch more or fetch all items although please note that depending on the size of your data, fetching all items may take a while.

Download Options

Download your report in JSON or CSV format. Various metadata such as the report type, any filters used when querying, and the timestamp of the report are included with your results. Please note that depending on the size of your data, the download may take a while.

3 - Report Manager

Overview

Use the Report Manager view to create custom queries, set a report to run on a schedule (or store the configuration for future use), and get notified when they’re executed in order to receive the insights you’re interested in for account-wide artifacts. The results are provided through a variety of formats - tabular, JSON, or CSV - and rely on data retrieved from the back-end Enterprise Reporting Service.

Note: Because the reporting data cycle is configurable, the results shown in this view may not precisely reflect actual analysis output at any given time.

For more information on how to modify this cycle or the Reporting Service in general, please refer to the Reporting Service documentation.

The following sections in this document describe templates, queries, scheduling reports, and viewing your results.

Report Manager

UI Report Manager

Templates

Templates define the filters and table field columns used by queries to generate report output. The templates provided by the sytem or stored by other users in your account can be used directly to create a new query or as the basis for crafting new templates.

System Templates

By default, the UI provides a set of system templates:

Images Failing Policy Evaluation
This template contains a customized set of filters and fields, and is based on “Policy Compliance History by Tag”.
Images With Critical Vulnerabilities
This template contains a customized set of filters and fields, and is based on “Images Affected by Vulnerability”.
Artifacts by Vulnerability
This templates contains all filters and fields by default.
Tags by Vulnerability
This templates contains all filters and fields by default.
Images Affected by Vulnerability
This templates contains all filters and fields by default.
Policy Compliance History by Tag
This templates contains all filters and fields by default.
Vulnerabilities by Kubernetes Namespace
This templates contains all filters and fields by default.
Vulnerabilities by Kubernetes Container
This templates contains all filters and fields by default.
Vulnerabilities by ECS Container
This templates contains all filters and fields by default.
Creating a Template

In order to define a template’s list of fields and filters, navigate to the Create a New Template section of the page, select a base configuration provided by the various System Templates listed above, and click Next to open a modal.

UI Template Creation

Provide a name for your new template, add an optional description, and modify any fields or filters to your liking.

The fields you choose control what data is shown in your results and are displayed from left to right within a report table. To optionally refine the result set returned, you can add or remove filter options, set a default value for each entry and specify if the filter is optional or required.

Note that templates must contain at least one field and one filter.

Once the template is configured to your satisfaction, click OK to save it as a Stored Template. Your new template is now available to hydrate a query or as a basis for future templates.

Editing a Template

To view or edit a template that has been stored previously, click its name under Stored Report Items on the right of the page. As with the creation of a template, the list of fields and filters can be customized to your preference.

When you’re done, click OK to save any new changes or Cancel to discard them.

Deleting a Template

To delete a template that you have configured previously, click the red “x” to the left of its name under Stored Report Items and click Yes to remove it. Note that once the template has been removed, you won’t be able to recover it.

Queries

Queries are based on a template’s configuration and can then be submitted to the back-end Enterprise Reporting Service on a reoccurring schedule to generate reports. These results can then be previewed in tabular form and downloaded in JSON or CSV format.

Creating a Query

To create a query, navigate to the Create a New Query section of the page, select a template configuration, and click Next to open a modal.

UI Query Creation

After you provide a unique name for the query and an optional description, click OK to save your new query. You will be automatically navigated to view it.

Editing a Query

To view or edit a query, click its name under Stored Report Items on the right of the page to be navigated to the Query View.

UI Query View

Within this view, you can edit its name and description, set a schedule to act as the base configuration for Scheduled Items, and view the various filters set by the template this query was based on.

To save any changes to the query, click Save Query or Save Query and Schedule Report.

Setting a Schedule

In order to set or modify a query’s schedule, click Add/Change Schedule to open a modal.

UI Query Schedule

Reports can be generated daily, weekly, or monthly at a time of your choosing. This can be set according to your timezone or UTC. By default, the schedule is set for weekly on Mondays at 12PM your time.

When scheduling reports to be generated monthly, note that multiple days of the month can be selected and that certain days (the 31st, for example) may not trigger every month.

In the top-right corner of the modal, you can toggle the enabled state of the schedule which determines whether reports will be executed continuously on the timed interval you saved. Note that pressing OK modifies the schedule but does not save it to the query. Please click the Save Query or Save Query and Schedule Report to do so.

Deleting a Query

To delete a query, click the red “x” to the left of its name under Stored Report Items and click Yes to remove it. Note that every scheduled report associated with that query will also be removed and not be recoverable.

Scheduled Reports

Adding a Scheduled Item

Once you’ve crafted a query based on a system or custom template, supplied any filters to refine the results, and previewed the report generated to ensure it is to your satisfaction, you can add it to be scheduled by clicking Save Query and Schedule Report.

Any schedules created from this view will be listed at the bottom.

Editing a Scheduled Item

To edit a scheduled item, click on Tools within that entry’s Actions column and select Edit Scheduled Item to open a modal.

Here, you can modify the name, description, and schedule for that item. Click Yes to save any new changes or Cancel to discard them.

Deleting a Scheduled Item

To delete a scheduled item, click on Tools within that entry’s Actions column and select Delete Scheduled Item. Note that every report generated from that schedule will also be removed upon clicking Yes and will not be recoverable.

Viewing Results

Click View under a scheduled item’s Actions column to expand the row and view its list of associated reports sorted by most recent. Click View or Tools > View Results to navigate to that report’s results.

UI Report Results

If you configured notifications to be sent when a report has been executed, you can navigate to the report’s results by clicking the link provided in its notification.

Downloading results

A preview of up to 1000 result items are shown in tabular form which provides optional sorting by clicking on any column header. If a report contains more than 1000 results, please download the data to view the full report. To do so, click Download to JSON or Download to CSV based on your preferred format.

Various metadata such as the report type, any filters used when querying, and the timestamp of the report are included with your results. Please note that depending on the size of your data, the download may take a while.

Configure Notifications

To be notified whenever a report has been generated, navigate to Events & Notifications > Manage Notifications. Once any previous notification configurations have loaded, add a new one from your preferred endpoint (Email, Slack, etc), and select the predefined event selector option for Scheduled Reports.

UI Report Notifications Config

This includes the availability of a new result or any report execution failures.

Once you receive a notification, click on the link provided to automatically navigate to the UI to view the results for that report.

4 - Saved Reports

Overview

The Saved Reports tab in the Reports view is where you can view, configure, download, or delete reports that have been saved for future use. Each report entry may contain zero or more results, depending on whether the report has been run or not.

Note: The Saved Reports tab will be the default tab selected in the Reports view when you have one or more saved reports.

Viewing a Report

An example of the Saved Reports tab is shown below:

Initial Report View

Clicking anywhere within the row other than on an active report title or on the Actions button will expand it, displaying the executions for that report if any are available. Clicking an active report title will take you to a view displaying the latest execution for that report. An inactive report title indicates that no results are yet available.

If a report has been scheduled but has no executions, the expanded row will look like the following example:

Initial Report View

Reports with one or more executions will look like the following example:

Initial Report View

In the above example you can see a list of previously executed reports. Their completion status is indicated by the green check mark. Reports that are still in progress are indicated by a spinning icon. Reports that are queued for execution are indicated by an hourglass icon. The reports shown here are all complete, so they can be downloaded by clicking the Download Full Report button. Incomplete, queued, or failed reports cannot be downloaded.

The initial view shows up to four reports, with any older items being viewable by clicking the View More button. The View More button will disappear when there are no more reports to show. In addition:

  • Clicking the Refresh List button will refresh the list of reports, including any executions that may have completed since the last time the list was refreshed. Clicking the Generate Now button will generate a new execution of the report.

  • Individual report items can be deleted by clicking the Delete button. If the topmost report item is deleted, the link in the table row will correspond to the next report item in the list (if any are available).

Note: Deleting all the execution entries for a report will not delete the report itself. The report will still be available for future executions.

Tools Dropdown

Each report row has a Tools control that allows you to perform the following actions:

  • Configure: Opens the report configuration popup, allowing you to change the report name, description, and schedule
  • Generate Now: Generates a new execution of the report
  • Save as Template: Saves the report as a user template, allowing you to use it as the basis for future reports
  • Delete: Removes the report and any associated executions. If all reports are deleted, the page will transition to the New Reports tab and the Saved Reports tab will be disabled.

5 - Templates

Overview

The Templates tab in the Reports view is where you can view and manage report templates. Templates provide the basis for creating the reports executed by the system and specify which filters are applied to the retrieved dataset and how the returned data is shaped.

A number of system templates are provided with the application and all of these and can be used as-is, or as a starting point for creating your own user templates.

Viewing Templates

An example of the System Templates view in the Templates tab is shown below:

Initial Report View

In this view you can see all the system templates provided by default, and their associated descriptions. System templates cannot be deleted, but can be copied and modified to create your own user templates.

An alternate way of creating a new user template is by clicking the Create New Template button. You will be presented with a dialog that allows you to select an existing system template as your starting point, or base your composition on any of the custom templates created by you or other users:

Initial Report View

Selecting a template from the provided dropdown will open the Create a New Template dialog:

Initial Report View

Within this dialog you can provide a unique name and optional description for the new template. In addition, you can modify the filters available when composing reports based on this template, and the columns that will be displayed in the resulting report:

  • Filters: You can add or remove filters, set default values, and specify if the filter is optional or required. Filters are displayed from left to right when composing a report—you can change the display order by clicking on a row hotspot and dragging the row item up or down the list.

  • Columns: You can add or remove columns, change their display order, or provide custom column names to be used when the data is presented in the tabular form offered by comma-separated variable (CSV) file downloads. Columns are displayed from left to right within a report table—you can change the display order by clicking on a row hotspot and dragging the row item up or down the list. Note that templates must contain at least one column.

Once you have configured the filters and columns, you can specify if the report will be scoped to return results against the analysis data in either the current selected account or from all accounts, and click OK. The new template will be added to the list of available user templates.

Custom Templates

The custom templates view shows all user-defined templates present in the current selected account. An example of the Custom Templates view is shown below:

Initial Report View

Unlike system templates, custom templates can be edited or deleted in addition to being copied. Clicking the Tools button for a custom template will display the following options:

Initial Report View

Note that any changes you make to templates in this view, or any new entries you create, will be available to all users in the current selected account.