- Kaspersky Container Security 1.1 Help
- About the Kaspersky Container Security platform
- Solution architecture
- Preparing to install the solution
- Solution installation
- Removing the solution
- Updating the solution
- Solution interface
- Licensing the solution
- Data provisioning
- Working with clusters
- Working with images from registers
- Setting up integration with external image registries
- Integration with CI/CD
- Image scanning in CI/CD processes
- Configuring image and configuration file scan settings
- Defining the path to container images
- Scanning images from CI/CD
- Monitoring the integrity and origin of images
- Running the scanner in SBOM mode
- Getting scan results in JSON or HTML format
- Running the scanner in lite SBOM mode
- Risk handling
- Compliance check
- Configuring and generating reports
- Security policies configuration
- Managing container runtime profiles
- Configuring integration with image signature validators
- Setting up integration with notification outputs
- Configuring LDAP server integration
- Users, roles, and scopes
- Managing users
- About user roles
- Working with system roles
- Displaying list of roles
- About scopes
- Scopes and enforcement of security policies
- Switching between scopes
- Adding users, roles, and scopes
- Resetting password for user accounts
- Changing settings for users, roles, and scopes
- Removing users, roles, and scopes
- Security event log
- Exporting events to SIEM systems
- Backing up and restoring data
- Contacting Technical Support
- Sources of information about the application
- Limitations and warnings
- Glossary
- Third party code information
- Trademark notices
File Threat Protection
When scanning registries and objects in CI/CD, Kaspersky Container Security uses the File Threat Protection component to search for and analyze potential file threats. The results of this malware scan are displayed together with the overall scan results.
The databases of the File Threat Protection component are updated from the Kaspersky Container Security update server.
After starting the utility, the File Threat Protection databases are downloaded and saved in the dedicated folder in the solution vendor's cloud object storage.
When the solution is deployed in a public corporate network, an update is performed directly from the update server. When installing the solution in a private corporate network, the updated File Threat Protection databases are added to the kcs-db-server container for subsequent running and updating.