Skip to main content

Blog

Unique Vulnerability Counts with Container Scanning

December 2 | 2021

Unique Vulnerability Counts with Container Scanning

As Cloud Service Providers (CSPs) start to submit their container vulnerability scans in order to meet Container Scanning Guidance requirements, stakeholders monitoring submissions should expect to see large increases in the number of unique vulnerabilities.

What’s Different?

Traditional vulnerability scanning tools use an overarching PluginID or Vulnerability ID that wraps multiple Common Vulnerabilities and Exposures (CVE) under one ID. Container scanning solutions typically track unique vulnerabilities at the Common Vulnerabilities and Exposures (CVE) level, which is much more granular. This means that you could have an increased number of unique vulnerabilities in CSPs monitoring submissions.

What’s the Impact?

Those monitoring these new submissions could possibly see a jump of hundreds of unique vulnerabilities within the container scans.

  • If you are an agency: Please reach out to your CSPs early and discuss what they are seeing and what they will be submitting to you prior to the actual scan submission. This will ensure everyone is prepared and understands the new counts.
  • If you are a CSP: Please make sure your clients are briefed on this so that your clients understand the reason for the sudden increase in unique findings. This will help avoid an unwelcome surprise because of these new numbers.

Back to Blogs