Kaspersky Container Security

Scanner

Scanner is a Kaspersky Container Security software component that scans objects in real time to assess their security and detect known vulnerabilities, malware, signs of sensitive data, and misconfigurations. The scanner lets you conduct security checks based on active security policies.

Kaspersky Container Security employs the following types of scanners:

  • Vulnerability scanner based on the Common Vulnerabilities and Exposures (CVE) database
  • File threat scanner within the File Threat Protection component
  • Configuration file scanner
  • Sensitive data (secrets) scanner


About object scanning

Kaspersky Container Security checks objects deployed in the solution during the scanning process.

The scanning process searches for and analyzes threats and security risks associated with objects in the solution. Object scans must be performed regularly to keep track of emerging security threats.

When scanning, Kaspersky Container Security identifies the following security threats:

  • Vulnerabilities
  • Malware
  • Misconfigurations
  • Sensitive data
  • Non-compliance with security policy requirements

Scanning process

The scanner receives scan jobs through the image handler. The image handler is an application deployed in the Kaspersky Container Security infrastructure that forwards scan jobs to the scanner and receives the scan results from the scanner.

When scan jobs are forwarded, the current status of the scanner is determined as one of the following:

  • Free — the scanner is not processing objects and can accept a job from the image handler application if requested.
  • Busy — the scanner is currently processing a scan job. A new job from the image handler application is put in the queue.

The scan job queue includes all forwarded scan jobs and is generated in the following cases:

Jobs in the scan queue receive the following statuses:

  • Pending — status assigned by default when a job is created.
  • In progress — the job is being processed by the image handler.
  • Parsing results — the solution processes the job scanning results to display them in the interface.
  • Error — scan job failed.
  • Finished — the results of the scan job are available.

Scan jobs from the queue are submitted to the image handler in the order of their receipt. A job then goes to a scanner with the Free status and is scanned for security issues. The scan results are sent back to the image handler. The job is considered completed once scan results are received. If a scan job was performed three or more times but received no results, the job is given the Error status.
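The job lifecycle described above can be modeled as a small state machine. This is an added illustration, not Kaspersky Container Security code: the names Job, run_queue and fake_scan, the sample image names, and re-queuing a job without results at the back of the queue are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # page: three or more runs without results -> Error

@dataclass
class Job:
    name: str
    attempts: int = 0
    status: str = "Pending"  # default status when a job is created
    history: list = field(default_factory=lambda: ["Pending"])

    def move(self, status):
        self.status = status
        self.history.append(status)

def run_queue(jobs, scanners, scan):
    """Dispatch a list of jobs in order of receipt to Free scanners.
    scan(job) returns scan results, or None when no results came back."""
    queue = deque(jobs)
    state = {s: "Free" for s in scanners}
    while queue:
        batch = []
        for s in scanners:  # each Free scanner takes the oldest queued job
            if queue and state[s] == "Free":
                job = queue.popleft()
                state[s] = "Busy"  # a Busy scanner accepts no new job
                job.move("In progress")
                batch.append((s, job))
        for s, job in batch:
            job.attempts += 1
            results = scan(job)
            state[s] = "Free"
            if results is not None:
                job.move("Parsing results")
                job.move("Finished")
            elif job.attempts >= MAX_ATTEMPTS:
                job.move("Error")
            else:
                job.move("Pending")  # assumption: retried from the back of the queue
                queue.append(job)
    return {j.name: (j.status, j.attempts) for j in jobs}

# Constructed sample: "img-b" never returns results, the other jobs succeed.
def fake_scan(job):
    return None if job.name == "img-b" else {"vulnerabilities": []}

SAMPLE = [Job("img-a"), Job("img-b"), Job("img-c")]
RESULT = run_queue(SAMPLE, ["scanner-1"], fake_scan)
```

With a single scanner, the job that never returns results cycles through the queue three times before it is marked Error, while the jobs behind it still finish on their first attempt.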

Actions after scanning

After scanning, the solution displays the scan results. If security threats are detected in an object, Kaspersky Container Security prompts you to perform one of the following actions:

  • Delete the security threat.
  • Accept the security risk.


File Threat Protection

When scanning registries and objects in CI/CD, Kaspersky Container Security uses the File Threat Protection component to search for and analyze potential file threats. The results of this malware scan are displayed together with the overall scan results.

The databases of the File Threat Protection component are updated from the Kaspersky Container Security update server.

After starting the utility, the File Threat Protection databases are downloaded and saved in the dedicated folder in the solution vendor's cloud object storage.

When the solution is deployed in a public corporate network, an update is performed directly from the update server. When installing the solution in a private corporate network, the updated File Threat Protection databases are added to the kcs-db-server container for subsequent running and updating.
