General Configurations

System-Wide CVE Allowlist

You can manage your deployment security by excluding certain vulnerabilities – entries in the Common Vulnerabilities and Exposures List – from the health score calculation. Project admins can do this on the project level re-using system-wide CVE lists or creating their own.

Add Items to a System-Wide CVE Allowlist

  • In the navigation pane, expand Administration;
  • Go to Configuration;
  • Open System Settings;

  • Scroll down to Deployment Security;
  • Click ADD;
  • Find the vulnerability in this database;
  • Enter the items separated by simple commans or line breaks;
  • Select an expiration date for the allowlist or click Never expires;
  • Click ADD;
  • Click Save.

Edit Existing System-Wide CVE Allowlist

Still in the Deployment security, click on the x next to the CVE index to remove it from the system-wide allowlist.

Vulnerability Database Updates

If you have vulnerability scanners Clair or Anchore, you can see when these databases were updated for the last time. The timestamp can be accessed under Administration -> Interrogation Services -> Vulnerability.