Scan App-Embedded workloads

App-Embedded Defenders can scan their workloads for vulnerabilities.
To see the scan reports, go to
Monitor > Vulnerabilities > Images > Deployed
You can filter the table by:
  • App-Embedded: Select
     — Narrows the results to just images protected by App-Embedded Defender.
  • App ID
     — Narrows the list to specific images. App IDs are listed under the table’s
    Apps
    column.
    For ECS Fargate tasks, the App ID is partially constructed from the task name. AWS Fargate tasks can run multiple containers. All containers in a Fargate task have the same App ID.
    For all other workloads protected by App-Embedded Defender, the App ID is partially constructed from app name, which is a deploy-time configuration set in the App ID field of the embed workflow.
You can use wildcards to filter the table by app/image name. For example, if the app name is dvwa, then you could find all deployments with Repository: dvwa*. This filter would show dvwa:0438dc81a9144fab8cf09320b0e1922b and dvwa:538359b5f7f54559ab227375fe68cd7a.

Create vulnerability rules

Create a vulnerability rule for a segment of App-Embedded workloads.