Vulnerability Reports

Oracle Cloud Infrastructure Vulnerability Scanning Service scans your targets based on the schedule and scanning properties in the recipe assigned to each target. Use vulnerabilities reports to identify security issues in your targets, such as critical OS patches.

At least one target must exist before any vulnerabilities reports are created. See Managing Targets.

Oracle uses common vulnerabilities and exposures (CVE) numbers to identify security vulnerabilities for operating systems and other software, including critical patch updates and security alert advisories. CVE numbers are unique, common identifiers for publicly known information about security vulnerabilities. View Qualys IDs (QIDs) in the Vulnerability Scanning service user interface.

The Vulnerability Scanning service saves the results for a Compute instance in the same compartment as the instance's Vulnerability Scanning target.

Consider the following example.

  • The Compute instance MyInstance is in CompartmentA.
  • MyInstance is specified in Target1.
  • Target1 is in CompartmentB.
  • All reports related to MyInstance are in CompartmentB.

The Vulnerability Scanning service categorizes problems by these risk levels.

  • Critical - the most serious problems detected, which should be your highest priority to resolve.
  • High - the next most serious problems.
  • Medium - problems that are less serious.
  • Low - problems that are still less serious.
  • Minor - the least serious problems detected; they still need to be resolved eventually, but can be your lowest priority.
