Container Tools Mapping
The table below shows the triage and severity status mappings for all of the Container tools that are supported by Software Risk Manager.
Tools are listed alphabetically. Tool results are mapped to the Software Risk Manager status shown at the top of each column. (A blank cell indicates that an equivalent status value is unavailable or undefined.)
Container Tool | Critical | High | Medium | Low | Info | Unspecified |
---|---|---|---|---|---|---|
Anchore | critical | high | medium | low | negligible | |
Aqua CSP | critical | malware, high | sensitive data, medium | low | negligible | unknown |
Check Point CloudGuard | Critical | High | Medium | Low | Informational | |
Dynatrace* | CRITICAL | HIGH | MEDIUM | LOW | | |
Grype Reader | Critical | High | Medium | Low | Unknown | |
Harbor | Critical | High | Medium | Low | Negligible | Unknown |
Microsoft Defender for Cloud | Critical | High | Medium | Low | | |
Orca Security | CRITICAL | HIGH | MEDIUM | LOW | INFO | |
Prisma Cloud Compute (Twistlock) | critical / important | high | medium / moderate | low | | |
Snyk Container | critical | high | medium | low | | |
Trivy | CRITICAL | HIGH | MEDIUM | LOW | UNKNOWN | |

Container Tool | Gone | New | Ignored | False Positive | To Be Fixed | Mitigated | Fixed |
---|---|---|---|---|---|---|---|
Anchore | | | | | | | |
Aqua CSP | | | | | | | |
Check Point CloudGuard | | | | | | | |
Dynatrace* | RESOLVED | | | | | | |
Grype Reader | Fixed | not-fixed, unknown | wont-fix | | | | |
Harbor | | | | | | | |
Microsoft Defender for Cloud | | | | | | | |
Orca Security | | | | | | | |
Prisma Cloud Compute (Twistlock) | | | | | | | |
Snyk Container | ignored | patched | | | | | |
Trivy | | | | | | | |

*Dynatrace only produces severities for Vulnerability results and not for Attack results. Dynatrace Attack findings will have no severity in SRM.