Search your KSOC image vulnerabilities in multiple accounts for a specific vulnerability name.
In each KSOC account you want to search, create an API token in Settings>API Tokens.
Take note of the Access Key and Secret Access Key. You will also need the Account ID which can be found in the browser address bar.
https://app.ksoc.com/{TENANTID}/accounts/{ACCOUNTID}
Add one entry for each account in the file allaccounts.sh
./images {accessKeyId1} {secretKeyId1} {accountId1}
./images {accessKeyId2} {secretKeyId2} {accountId2}
Then run ./allaccounts.sh. For each account in allaccounts.sh, all the image vulnerability, workload, and cluster data will be downloaded in a files in the local folder.\
The file names are:
{ACCOUNT_ID}-{NAME}-{DIGEST}.image
{ACCOUNT_ID}-{NAME}-{DIGEST}.image.cluster.data
{ACCOUNT_ID}-{NAME}-{DIGEST}.sbom.resource.data
{ACCOUNT_ID}-{NAME}-{DIGEST}.sbom.vuln.data
Run search.sh and include one vulnerability name (e.g. CVE-2023-3817) name as a parameter.
Example:
search.sh CVE-2023-3817
All the images will be searched and results will be seen in STOUT.
You can output the data to a CSV by redirecting STOUT.
Example:
search.sh CVE-2023-3817 > search_CVE-2023-3817.csv
Output includes the following:
- imagename
- imagesource
- mageversion
- vulnName
- dataSource
- severity
- fixIn
- packageName
- packageVersion
- packageType
- workloadname
- workloadtype
- workloadnamespace
- workloadcluster
Example output below for CVE-2023-3817 :
| imagename | imagesource | imageversion | vulnName | dataSource | severity | fixIn | packageName | packageVersion | packageType | workloadname | workloadtype | workloadnamespace | workloadcluster |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libcrypto3 | 3.1.1-r1 | apk | cartservice-5d844fc8b7-2grvm | Pod | boutique | NYC1 PRD |
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libcrypto3 | 3.1.1-r1 | apk | cartservice-5d844fc8b7-r7ldd | Pod | boutique | EKS US-West-2 PRD |
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libcrypto3 | 3.1.1-r1 | apk | cartservice-5f4f74f58f-pplws | Pod | boutique | Staging |
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.1-r1 | apk | cartservice-5d844fc8b7-2grvm | Pod | boutique | NYC1 PRD |
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.1-r1 | apk | cartservice-5d844fc8b7-r7ldd | Pod | boutique | EKS US-West-2 PRD |
| cartservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.1-r1 | apk | cartservice-5f4f74f58f-pplws | Pod | boutique | Staging |
| checkoutservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | checkoutservice-84cb944764-n6vp6 | Pod | boutique | EKS US-West-2 PRD |
| checkoutservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | checkoutservice-84cb944764-nvvgj | Pod | boutique | NYC1 PRD |
| checkoutservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | checkoutservice-85955686b6-frms2 | Pod | boutique | Staging |
| productcatalogservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | productcatalogservice-5b9df8d49b-bhh9h | Pod | boutique | NYC1 PRD |
| productcatalogservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | productcatalogservice-5b9df8d49b-jc89p | Pod | boutique | EKS US-West-2 PRD |
| productcatalogservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | productcatalogservice-7b86f9b946-pw6gz | Pod | boutique | Staging |
| shippingservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | shippingservice-54b465864d-jmfm6 | Pod | boutique | Staging |
| shippingservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | shippingservice-648c56798-b6t55 | Pod | boutique | EKS US-West-2 PRD |
| shippingservice | gcr.io/google-samples/microservices-demo/ | ["v0.8.0"] | CVE-2023-3817 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817 | SEVERITY_MEDIUM | 3.1.2-r0 | libssl3 | 3.1.0-r4 | apk | shippingservice-648c56798-lt65x | Pod | boutique | NYC1 PRD |