Vanta can fetch container vulnerabilities from supported container scanning tools. For supported tools, Vanta will:
- Display container vulnerabilities on Vanta's Vulnerabilities page
- Track SLA deadlines on vulnerabilities and surface remediation status for use in audits
- Alert customers when new vulnerabilities are found or when vulnerabilities are close to their SLA deadline
The currently supported container scanning registries and scanners are:
- Amazon Inspector ECR and EC2 Scanning
- AWS Elastic Container Registry (ECR) Container Scanning
- GCP Container Registry (GCR) Container Scanning
General Vulnerability Scanners:
- The permissions Vanta uses to obtain the scan details already exist in the AWS managed SecurityAudit policy, which is attached to the role used for the integration.
- If Inspector EC2 scans are not showing in Vanta, please see the following article: Troubleshooting Missing EC2 Instance Inspector Scans
- Vanta will pull in ECR scans that are available in Inspector or on the container itself directly. If you see these scans in AWS but they aren't showing in Vanta, please reach out to email@example.com!
gcloud services enable containerscanning.googleapis.com
gcloud services enable containeranalysis.googleapis.com
Microsoft Defender for Containers
From Defender for Cloud's menu, open the Settings page and select the relevant subscription.
In the Defender plans page, select Defender for Containers and select Settings.
Turn the relevant component on to enable it.
- By default, Vanta requests permission to read Dependabot alerts when you connect the GitHub integration.
To confirm Dependabot is enabled for vulnerability scanning in your monitored repositories, see GitHub's Dependabot Quick Start Guide.
- To link your Snyk account, use these instructions