Tanzu Application Platform – Security Analysis

Overview

The Security Analysis plug-in summarizes vulnerability data across all workloads running in Tanzu Application Platform, enabling faster identification and remediation of CVEs. It is part of the Tanzu Application Platform Full and View profiles.

In TAP-GUI, the Security Analysis plug-in is accessible from the left navigation panel. Click the Security Analysis button to open the Security Analysis dashboard.

Vulnerability Data:

The Security Analysis dashboard provides a summary of all vulnerabilities across all clusters for single-cluster and multi-cluster deployments.

The Vulnerabilities by Severity widget quickly counts the number of critical, high, medium, low, and unknown severity CVEs, based on the CVSS severity rating of each CVE. It includes a sum of all workloads’ source and image scan vulnerabilities. For example, if CVE-123 exists in Workload ABC’s and Workload DEF’s latest source scans and image scans, it is counted four times.

Note: The sum includes any CVEs on the allowlist (ignoreCVEs).
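The counting rule above, worked through as an added example (not code from Tanzu Application Platform): it tallies findings the way the widget is described, then compares that with a count of unique CVEs and with the allowlist removed. The data layout, workload findings, and function names are constructed for illustration.

```python
from collections import Counter

SEVERITIES = ("critical", "high", "medium", "low", "unknown")

# Constructed sample: latest scan findings per workload and scan type.
LATEST_SCANS = {
    "ABC": {
        "source": [("CVE-123", "high"), ("CVE-456", "low")],
        "image": [("CVE-123", "high")],
    },
    "DEF": {
        "source": [("CVE-123", "high")],
        "image": [("CVE-123", "high"), ("CVE-789", "critical")],
    },
}
# Constructed allowlist, standing in for the ignoreCVEs entries.
IGNORE_CVES = {"CVE-456"}


def findings(scans):
    """Yield (workload, scan_type, cve, severity) for every finding."""
    for workload, by_type in scans.items():
        for scan_type, cves in by_type.items():
            for cve, severity in cves:
                yield workload, scan_type, cve, severity


def widget_counts(scans):
    """Count every occurrence, allowlisted CVEs included, as the page describes."""
    tally = Counter(sev for _, _, _, sev in findings(scans))
    return {sev: tally.get(sev, 0) for sev in SEVERITIES}


def unique_counts(scans, ignore=frozenset()):
    """Count each CVE once across all scans, optionally dropping allowlisted ones."""
    seen = {cve: sev for _, _, cve, sev in findings(scans) if cve not in ignore}
    tally = Counter(seen.values())
    return {sev: tally.get(sev, 0) for sev in SEVERITIES}


def occurrences(scans, cve_id):
    """List the (workload, scan_type) pairs where a CVE was found."""
    return [(w, t) for w, t, cve, _ in findings(scans) if cve == cve_id]


if __name__ == "__main__":
    print("widget-style:   ", widget_counts(LATEST_SCANS))
    print("unique CVEs:    ", unique_counts(LATEST_SCANS))
    print("minus allowlist:", unique_counts(LATEST_SCANS, IGNORE_CVES))
    print("CVE-123 seen in:", occurrences(LATEST_SCANS, "CVE-123"))
```

The gap between the first and last totals is the reason to read the widget as a count of findings to triage rather than a count of distinct CVEs to fix.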

Viewing CVE and package details

The Security Analysis plug-in has a CVE page and a Package page. These are accessed by clicking on a workload name, which opens the Supply Chain Choreographer plug-in. Clicking on the CVE or Package name opens the CVE or Package page, respectively.

Click on the deployed app and you will be redirected to the Supply Chain Choreographer plug-in page, as shown below. Click on Source Scanner or Image Scanner to check the list of vulnerabilities:

Source Scanner
Image Scanner