CVE Analyzer

The CVE Analyzer scans the Istio service mesh for known vulnerabilities in Istio and Envoy proxy. The CVE Analyzer provides information about the vulnerabilities detected in the service mesh and recommendations to mitigate the vulnerabilities. The CVE Analyzer is used to ensure that your Istio service mesh is secure and protected from known vulnerabilities. TIS CVE Analyzer uses same technology as Tetrate Vulnerability Scanner (TVS) to detect CVEs in Istio and Envoy.

CVE Analyzer: How It Works

TIS CVE Analyzer operates by collecting digests of the installed Istio containers across multiple clusters and sending them to Tetrate's APIs. These APIs then analyze the data to detect any CVEs present in those images. Tetrate ensures privacy by logging only the SHA digests without attaching any personal information, including IP addresses. The SHA is utilized solely to identify the image and its CVEs.

CVE Analyzer Overview

TIS Dashboard Overview page shows aggregated information about the CVEs detected in the Istio service mesh across multiple clusters. The Overview page provides a summary of the CVEs detected in the service mesh, including the severity percentage of the CVEs, and the affected components.

Aggregated CVE reports from all clusters

Aggregated CVE details from all clusters

CVE Analyzer Page

The CVE Analyzer page shows list of CVE detected in the Istio service mesh. The CVE list provides detailed information about the CVEs detected from multiple Istio clusters.

CVE list detected from multiple Istio clusters

The CVE Analyzer also provides detailed information about the CVEs detected in each cluster, including the CVE ID, severity, affected components, and recommendations to mitigate the vulnerabilities. The CVE Analyzer also provides a history of the CVEs detected in the service mesh, enabling you to track the changes and updates to the vulnerabilities over time.

CVE detail page shows detailed information of CVE and history

CVE detail page shows detailed information affected workload