keithli_FTNT
Staff

Description

FortiCWP integrates into the CI/CD pipeline to verify that container images being built are free from known vulnerabilities before they are deployed. It also scans registries and repositories on a regular schedule to make sure the container images used in production environments remain safe.

This article describes how to use FortiCWP to protect the CI/CD pipeline and to detect the Log4j2 vulnerability in container images. The vulnerability is assigned CVE-2021-44228.

 

For more information about this attack and vulnerability, see the FortiGuard Outbreak Alert:

FortiGuard Outbreak Alert - Log4j2 Vulnerability

 

Scope

This article applies to FortiCWP in Container Protection mode. For more information, visit Container Protection in FortiCWP's Online Help.

 

Solution

Create a custom CI/CD pipeline policy to protect against the Log4j2 vulnerability

1. Log into FortiCWP and switch to Container Protection from the platform menu.

FortiCWP-Container.png

 

2. Go to POLICY CONFIG > CI/CD Integration and click +ADD New to add a new CI/CD Integration policy.

3. Give the policy a name, e.g. CVE Log4j2.

FortiCWP-Policy.png

 

4. In Resources, specify the Jenkins project/URL or the images the policy applies to, or enter .* to cover all images.

5. In the Block If section, check the Critical severity level and enter a vulnerability count threshold. Any value works for this use case, because the CVE Blocklist entry added in step 8 blocks an image whenever CVE-2021-44228 is found, regardless of this count.

6. Make sure Enabled is switched to On.

7. Click Show Advanced Settings.

8. In CVE Blocklist, enter "CVE-2021-44228" and click the +Add button.

FortiCWP-CVE-Blocklist.png

 

9. Click Add CI/CD Integration Policy to finish.

10. Go to FORTIVIEW > CI/CD Integration to view the Jenkins projects blocked by the policy.

FortiCWP-Project.png

 

At the same time, the build of the same project in Jenkins is blocked, so the image is never deployed:

FortiCWP-Jenkins.png

 

Detect the Log4j2 vulnerability in a container registry

The registry/repository scan uses the Common Vulnerabilities and Exposures (CVE) index published by NVD, which FortiCWP updates regularly, to detect known vulnerabilities and security flaws in stored images and to recommend security best practices.

Steps to identify the repositories whose images contain the Log4j2 vulnerability:

1. Log into FortiCWP and switch to Container Protection from the platform menu.

FortiCWP-Dashboard.png

 

2. Go to FORTIVIEW > Container Image.

3. Select a registry from the Registry menu.

FortiCWP-Registry.png

 

4. In the Search field, enter "CVE-2021-44228" and press Enter.

5. The results list the repositories whose images contain the vulnerable Log4j2 component.

FortiCWP-Repo.png

 

6. Click the Image Details button to show the vulnerability details for the image and the available fix.

FortiCWP-Vuln-Details.png

 

7. Repeat steps 3-6 for every registry.
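Both procedures above rely on the scanner doing the same job: recognising a log4j-core build inside an image (including jars nested in a war or shaded into a fat jar), deciding whether its version falls in the CVE-2021-44228 range, and turning that into a block/allow decision for the pipeline or a per-repository finding for the registry view. The following script is an added example that shows that logic in plain Python; it is not FortiCWP's code and makes no FortiCWP API calls. It assumes the image contents are handed in as a dictionary of path to file bytes (in practice you would walk the layers of an exported image), uses the affected range from the Apache/NVD advisory (2.0-beta9 through 2.14.1, fixed in 2.15.0 and in the 2.12.2 and 2.3.1 backports), and treats a jar whose JndiLookup.class has been deleted, the mitigation Apache published for builds that could not be upgraded, as mitigated rather than vulnerable. The sample jars are fabricated in memory and contain no real log4j bytes.

```python
"""Scan container-image file contents for log4j-core builds affected by CVE-2021-44228.

Constructed example: the "image" is a dict of path -> file bytes and the jars are
fabricated in memory with zipfile, so this runs offline with no real image or registry.
"""
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
NAME_RE = re.compile(r"(?:^|[/!])log4j-core-(\d[^/!]*)\.jar$", re.IGNORECASE)


@dataclass
class Finding:
    path: str               # nested archives are written outer!inner
    version: Optional[str]
    status: str             # "vulnerable", "mitigated" (class removed) or "review"


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """'2.14.1' -> (2, 14, 1, ''); '2.0-beta9' -> (2, 0, 0, 'beta9')."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$", text)
    if not m:
        raise ValueError(f"unparseable log4j version: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0), (m[4] or "").lower()


def is_affected(version: str) -> bool:
    """CVE-2021-44228 range per the Apache/NVD advisory: 2.0-beta9 through 2.14.1,
    fixed in 2.15.0 and in the 2.12.2 (Java 7) and 2.3.1 (Java 6) backports."""
    major, minor, patch, qual = parse_version(version)
    if major != 2 or minor >= 15:
        return False
    if minor == 0 and patch == 0 and qual.startswith("beta"):
        return int(qual[4:] or 0) >= 9      # JNDI lookups first shipped in 2.0-beta9
    if qual.startswith("alpha"):
        return False
    if (minor == 12 and patch >= 2) or (minor == 3 and patch >= 1):
        return False
    return True


def version_from_pom(zf: zipfile.ZipFile, names: List[str]) -> Optional[str]:
    """Shaded jars hide the version in their name but usually keep Maven metadata."""
    if POM_PROPERTIES not in names:
        return None
    for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive(data: bytes, path: str, findings: List[Finding]) -> None:
    """Classify one archive, then recurse into any archives bundled inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        m = NAME_RE.search(path)
        version = m.group(1) if m else version_from_pom(zf, names)
        has_jndi = JNDI_LOOKUP_CLASS in names
        if version is not None:
            if is_affected(version):
                findings.append(Finding(path, version, "vulnerable" if has_jndi else "mitigated"))
        elif has_jndi:
            findings.append(Finding(path, None, "review"))   # unknown build carrying the class
        for name in names:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                scan_archive(zf.read(name), f"{path}!{name}", findings)


def ci_gate(image_files: Dict[str, bytes]) -> Tuple[int, List[Finding]]:
    """Return (exit code, findings); exit code 1 blocks the build like the CVE blocklist."""
    findings: List[Finding] = []
    for path, data in image_files.items():
        if path.lower().endswith(ARCHIVE_SUFFIXES):
            scan_archive(data, path, findings)
    return (1 if any(f.status == "vulnerable" for f in findings) else 0), findings


def make_jar(entries: Dict[str, bytes]) -> bytes:
    """Build a fake jar in memory (constructed test data, not real log4j bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


STUB = b"\xca\xfe\xba\xbe"   # class-file magic; the contents are irrelevant to the scan
SAMPLE_IMAGE_FILES = {   # constructed image layout (hypothetical paths)
    "/app/lib/log4j-core-2.14.1.jar": make_jar({JNDI_LOOKUP_CLASS: STUB}),            # vulnerable
    "/app/lib/log4j-core-2.17.1.jar": make_jar({JNDI_LOOKUP_CLASS: STUB}),            # fixed release
    "/app/lib/log4j-core-2.12.2.jar": make_jar({JNDI_LOOKUP_CLASS: STUB}),            # fixed backport
    "/opt/tool/lib/log4j-core-2.14.1.jar": make_jar({"META-INF/MANIFEST.MF": b""}),   # class removed
    "/app/ROOT.war": make_jar({"WEB-INF/lib/log4j-core-2.12.1.jar": make_jar({JNDI_LOOKUP_CLASS: STUB})}),
    "/app/shaded-service.jar": make_jar({JNDI_LOOKUP_CLASS: STUB, POM_PROPERTIES: b"version=2.13.3\n"}),
    "/app/other-jndi.jar": make_jar({JNDI_LOOKUP_CLASS: STUB}),                       # no version data
}

if __name__ == "__main__":
    code, found = ci_gate(SAMPLE_IMAGE_FILES)
    for f in found:
        print(f"{f.status:<10} {f.version or '?':<8} {f.path}")
    raise SystemExit(code)
```

Running the script prints one line per finding and exits 1 because three builds are in range with the class still present (the plain 2.14.1 jar, the 2.12.1 jar nested in the war, and the shaded jar identified through pom.properties). The 2.17.1 and 2.12.2 jars produce nothing even though they still ship JndiLookup.class, because the version check decides first; the jar with the class deleted is reported as mitigated, and a jar that carries the class with no version information at all is flagged for review rather than silently passed, which is the same conservative bias a registry scan should have.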