7.2. Querying image vulnerabilities from the CLI
Using the oc command, you can display information about vulnerabilities detected by the Container Security Operator.
Prerequisites
- Be running the Container Security Operator on your OpenShift Container Platform instance
Procedure
To query for detected container image vulnerabilities, type:
$ oc get vuln --all-namespaces
Example output
NAMESPACE NAME AGE default sha256.ca90... 6m56s skynet sha256.ca90... 9m37s
To display details for a particular vulnerability, provide the vulnerability name and its namespace to the
oc describecommand. This example shows an active container whose image includes an RPM package with a vulnerability:$ oc describe vuln --namespace mynamespace sha256.ac50e3752...
Example output
Name: sha256.ac50e3752... Namespace: quay-enterprise ... Spec: Features: Name: nss-util Namespace Name: centos:7 Version: 3.44.0-3.el7 Versionformat: rpm Vulnerabilities: Description: Network Security Services (NSS) is a set of libraries...
